Matus UHLAR - fantomas wrote in <Y7l7qS2IF/mxz...@fantomas.sk>:
 ...
 |one
 |can disable aDH by adding it to smtp_tls_mandatory_exclude_ciphers.

Just last week with the new lighttpd update i followed his
maintainer by doing (the EDH+AESGCM is _my_ addition, blame _me_
for that, it adds four combinations):

  # super modern, forward secrecy TLSv1.2 / TLSv1.3 selection..
  tls_high_cipherlist = EECDH+AESGCM:EECDH+AES256:EDH+AESGCM:CHACHA20
  smtpd_tls_mandatory_ciphers = high
  smtpd_tls_mandatory_exclude_ciphers = TLSv1

For long (many, many months) i have

  smtpd_tls_mandatory_protocols = >=TLSv1.2
  smtpd_tls_protocols = $smtpd_tls_mandatory_protocols

All this transported to other (client etc) via such var
assignments. I have no fallout after two days (in which i had
bitten the bullet and really read through the logs; yet; i also
presumed he did some careful investigation before being that
rigid, so).

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)