On Wed, Nov 07, 2018 at 08:52:26AM -0800, [email protected] wrote:
> Re: this particular, *internal* connection,
>
> Nov 4 15:21:45 mx postfix/postscreen-internal/smtpd[15675]:
> Anonymous TLS connection established from mx.example.com[XX.XX.XX.XX]:
> TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>
> i.e., 'between' *my* external/postscreen listener instance and *my*
> internal/after-postscreen smtpd instance, does it make any particular
> difference/improvement to explicitly change/limit that cipher to a single,
> mandatory choice? given that it *IS* tls1.3 with PFS, my inclination is
> simply ... leave it be.
No, leave it be.
--
Viktor.