Re: tls_high_cipherlist with !SEED is ignored

2019-01-15 Thread Viktor Dukhovni
> On Jan 15, 2019, at 3:39 PM, Stefan Bauer wrote: > > I just want to set allowed ciphers but cannot enforce encryption generally. You cannot enforce encryption on the submission port? Why not? > This seems to be a limitation and not possible, right? The ciphers are configurable, but the reco

Re: tls_high_cipherlist with !SEED is ignored

2019-01-15 Thread Stefan Bauer
Now I got it. Sorry and thank you for your help. On Tuesday, 15 January 2019, Viktor Dukhovni < postfix-us...@dukhovni.org> wrote: >> On Jan 15, 2019, at 8:39 AM, Stefan Bauer wrote: >> >> -o smtpd_tls_mandatory_ciphers=high >> -o tls_preempt_cipherlist=yes >> -o tls_high_cipherlist=EDH+CAME

Re: tls_high_cipherlist with !SEED is ignored

2019-01-15 Thread Stefan Bauer
I just want to set allowed ciphers but cannot enforce encryption generally. This seems to be a limitation and not possible, right? On Tuesday, 15 January 2019, Viktor Dukhovni < postfix-us...@dukhovni.org> wrote: >> On Jan 15, 2019, at 8:39 AM, Stefan Bauer wrote: >> >> -o smtpd_tls_mandatory_

Re: tls_high_cipherlist with !SEED is ignored

2019-01-15 Thread Viktor Dukhovni
> On Jan 15, 2019, at 8:39 AM, Stefan Bauer wrote: > > -o smtpd_tls_mandatory_ciphers=high > -o tls_preempt_cipherlist=yes > -o > tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNUL

Re: tls_high_cipherlist with !SEED is ignored

2019-01-15 Thread Wietse Venema
Stefan Bauer: > Nessus reports for example TLS_RSA_WITH_SEED_CBC_SHA as weak on our > submission port. So I was using the following to disable all SEED ciphers > on submission port but it has no effect: > > -o smtpd_tls_mandatory_ciphers=high > -o tls_preempt_cipherlist=yes > -o > tls_high_ciph