Quoting Viktor Dukhovni <postfix-us...@dukhovni.org>:
On Wed, Sep 28, 2022 at 06:38:15PM +0200, Lists Nethead wrote:
Hello again postfix-users,
After Viktor gave really helpful advise re SSLv3, now on to the next
problem, dealing with crypto is opening a can of worms, at least where
I am.
We cannot receive messages from a Big Corp, our Postfix MX's responds
with "no shared cipher". The configuration is pretty standard I think,
smtpd_tls_protocols = >=TLSv1.2
That's not the default setting.
smtpd_tls_exclude_ciphers = aNULL
This is only appeases clueless auditors, in reality it is silly.
From what I can see, this is what they want:
TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128
What certificate did you deploy? What is the name of the server,
would I be able to connect to it?
Hm, what is the default then?
Yes, nh1.nethead.se and vrt.nethead.se
Letsencrypt
