On Thu, Jan 8, 2026 at 1:47 PM Wietse Venema via Postfix-devel <[email protected]> wrote: > > Fedor Vorobev via Postfix-devel: > > +#define VAR_TLS_SYSTEM_CLIST "tls_system_cipherlist" > > +#define DEF_TLS_SYSTEM_CLIST "PROFILE=SYSTEM" > > Why not reuse one of the existing *_cipherlist parameters? > For example, tls_medium_cipherlist = PROFILE=SYSTEM. > The idea is to have some abstractions for whatever the underlying OS uses as the "system", so the postfix user could select the 'system' grade and needn't care about the implementation details which will be set by the downstream packagers. In postfix upstream it could be preset to the openssl default policy. Currently, Ubuntu and SUSE are also trying to deploy system wide crypto policy and other distros will probably sooner or later come up with something similar
thanks & regards Jaroslav _______________________________________________ Postfix-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
