> On Jul 16, 2019, at 12:02 PM, David Mehler <dave.meh...@gmail.com> wrote:
>
> I'm wanting to ensure my postfix configuration will work with TLS 1.3.
> Any suggestions/howtos?
It just works. Logging of the selected ciphersuite properties is more
detailed in Postfix 3.4 than in previous versions. With Postfix 3.3
and earlier and OpenSSL 1.1.1 the signature algorithm and key exchange
algorithm details are not logged when TLS 1.3 is used. This is because
TLS 1.3 negotiates the signature algorithm and key exchange separately
from the bulk encryption cipher code point.
No HOW-TO is required. FWIW, the cipher grade and cipher exclusions
do not apply when TLS 1.3 is negotiated. TLS 1.3 has a semantically
independent set of cipher code points, which are all believed strong
(at least presently).
--
Viktor.
