We're thinking of adding a few new settings to the stable Postfix releases that allow Postfix to regain some control over crypto policies that do not necessarily improve matters for SMTP where the main result would be more plaintext communication.
With stable releases, it would not be appropriate to introduce a boatload of features, but plausible candidates are:

    tls_config_file = default | none(*) | /path/to/file
        (*)only OpenSSL 1.1.b and later

    tls_config_appname = (some string, maybe 'postfix')

These settings control where, if at all, the OpenSSL library gets its 'ini' settings from. 'Default' means surrender to the system configuration, /path/to/file gives more control but may leave Postfix marooned on its own island, and a Postfix-specific appname would allow Postfix to have settings of its own in a shared configuration.

In the development release we can then figure out if Postfix programs should be able to poke configuration settings from main.cf into the OpenSSL library.

    Wietse
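An illustration of the shared-configuration case described above, added here and not part of the original message or of Postfix's own documentation. It assumes the proposed tls_config_appname value is handed to OpenSSL as the application name when the configuration file is loaded; the file path, section names and policy values are constructed.

```ini
# Assumed main.cf lines, using the setting names proposed in the message:
#   tls_config_file    = default
#   tls_config_appname = postfix

# /etc/ssl/openssl.cnf (constructed example of a shared, system-wide file)

# Default application name: every program that does not ask for a
# section of its own starts here.
openssl_conf = system_init

# Looked up only by a program that loads this file with the application
# name "postfix"; all other programs ignore this line.
postfix = postfix_init

[system_init]
ssl_conf = system_ssl

[system_ssl]
system_default = system_tls

[system_tls]
# Constructed system-wide policy.
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

[postfix_init]
ssl_conf = postfix_ssl

[postfix_ssl]
system_default = postfix_tls

[postfix_tls]
# Constructed Postfix-only policy: kept separate so that tightening the
# system-wide section above does not silently turn SMTP sessions that
# would have been encrypted into plaintext ones.
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
```

With tls_config_file = none neither section would be read, and with a private /path/to/file only the postfix sections would need to exist in that file.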