Re: EDH Ciphers

2013-08-16 Thread Viktor Dukhovni
> an EDH cipher usually considered
> "stronger" than a non-EDH cipher and thus automatically preferred?

OpenSSL 1.0.0 or later by default prefers EECDH and EDH ciphers to non-EDH ciphers for any given key length. The cipher preference in older OpenSSL releases (typically 0.9.8) is

Re: EDH Ciphers

2013-08-14 Thread Ralf Hildebrandt
* lst_ho...@kwsoft.de :
> >* Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not?
>
> This lets the *server* (Postfix) choose a cipher suggested by the
> client, so it depends. If the client has no DH ciphers it doesn't
> help, if the client lists DH ciphers later in the list Post

Re: EDH Ciphers

2013-08-14 Thread lst_hoe02
Quoting Ralf Hildebrandt:

> What exactly are the prerequisites for "preferring" EDH ciphers in Postfix?
>
> * Do I need ECC (and thus OpenSSL >= 1.0.0) or not?

For EDH no, for ECDHE yes

> * Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not?

This lets the *ser

EDH Ciphers

2013-08-14 Thread Ralf Hildebrandt
What exactly are the prerequisites for "preferring" EDH ciphers in Postfix?

* Do I need ECC (and thus OpenSSL >= 1.0.0) or not?
* Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not?

-- 
[*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15,