Re: EDH Ciphers

2013-08-16 Thread Viktor Dukhovni
On Wed, Aug 14, 2013 at 11:13:52PM +0200, Ralf Hildebrandt wrote: > * lst_ho...@kwsoft.de : > > > >* Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not? > > > > This let the *server* (Postfix) choose a cipher suggested by the > > client, so it depends. If the client has no DH

Re: EDH Ciphers

2013-08-14 Thread Ralf Hildebrandt
* lst_ho...@kwsoft.de : > >* Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not? > > This let the *server* (Postfix) choose a cipher suggested by the > client, so it depends. If the client has no DH ciphers it doesn't > help, if the client list DH ciphers later in the list Post

Re: EDH Ciphers

2013-08-14 Thread lst_hoe02
Zitat von Ralf Hildebrandt : What exactly are the prerequisites for "preferring" EDH ciphers in Postfix? * Do I need ECC (and thus OpenSSL >= 1.0.0) or not? For EDH no, for ECDHE yes * Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not? This let the *server* (Postfix)