Re: Regarding ciphers

2017-11-23 Thread Jonathan Sélea
Thank you very much! Very informative! On 2017-11-23 16:03, Mel Pilgrim wrote: > On 2017-11-23 01:30, Jonathan Sélea wrote: >> Hi, >> >> I did struggle a lot to understand and deploy a secure cipher list that >> https://hardenize.com and https://ssl-tool.net would not complain on, so >> I came up

Re: Regarding ciphers

2017-11-23 Thread Mel Pilgrim
On 2017-11-23 01:30, Jonathan Sélea wrote: Hi, I did struggle a lot to understand and deploy a secure cipher list that https://hardenize.com and https://ssl-tool.net would not complain on, so I came up with this: smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 s

Re: Regarding ciphers

2017-11-23 Thread Jonathan Sélea
Thanks both Allen and Dirk :) The ciphers should be supported by many servers because those are used by TLS1.0 to 1.2. So I think they should be fine. I hope :) I did not get some real criticism yet about some stupid ciphers so I consider my current one OK. Regarding Allen's suggestion about

Re: Regarding ciphers

2017-11-23 Thread Dirk Stöcker
On Thu, 23 Nov 2017, Jonathan Sélea wrote: I did struggle a lot to understand and deploy a secure cipher list that https://hardenize.com and https://ssl-tool.net would not complain on, so I came up with this: smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smt

Re: Regarding ciphers

2017-11-23 Thread Allen Coates
On 23/11/17 09:30, Jonathan Sélea wrote: > > My question is, can I improve this further or do you guys/girls have any > opinion regarding this? > I am grateful for all comments, tips or other suggestions :) > > / Jonathan > Thinking at a tangent, if your messages are particularly sensitive, y

Re: Regarding ciphers

2017-11-23 Thread Allen Coates
On 23/11/17 09:30, Jonathan Sélea wrote: > My question is, can I improve this further or do you guys/girls have any > opinion regarding this? > I am grateful for all comments, tips or other suggestions :) > > / Jonathan > If the remote host does not support the cyphers you deploy, then you ha