On Wed, Aug 14, 2013 at 11:13:52PM +0200, Ralf Hildebrandt wrote:
> * lst_ho...@kwsoft.de :
>
> > >* Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not?
> >
> > This let the *server* (Postfix) choose a cipher suggested by the
> > client, so it depends. If the client has no DH
* lst_ho...@kwsoft.de :
> >* Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not?
>
> This let the *server* (Postfix) choose a cipher suggested by the
> client, so it depends. If the client has no DH ciphers it doesn't
> help, if the client list DH ciphers later in the list Post
Zitat von Ralf Hildebrandt :
What exactly are the prerequisites for "preferring" EDH ciphers in
Postfix?
* Do I need ECC (and thus OpenSSL >= 1.0.0) or not?
For EDH no, for ECDHE yes
* Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not?
This let the *server* (Postfix)