> On Mar 29, 2018, at 5:03 PM, @lbutlr <krem...@kreme.com> wrote:
>
> If you do this, then you do not need smtpd_tls_exclude_ciphers, right?
No, protocol versions and ciphersuites are different beasts. But with
"smtpd_tls_mandatory_ciphers = high" there's generally not much need
for any further ciphersuite exclusions.
> Also, do the setting above also exclude the weaker protocols like MD5 and RC2?
MD5 and RC2 are classes of ciphersuites, NOT protocols.
Neither are used in any "high" grade ciphers.
--
Viktor.
