Hi everyone,

I am currently assessing the TLS security of a Postfix mail server and among 
other things sslscan reported that the server allows a (non-EC) DH exchange 
with only 1024 bits. While one solution would be to only allow ECDH(E) and 
disable DH(E) entirely, I would rather like to keep support for DH(E) for 
compatibility reasons but only enforce a lower limit on the size of the finite 
group (maybe 2048 bits, or even 3072 bits preferably). How do I do that with 
Postfix? I cannot find any smtpd_tls_... setting which seems related to that 
aspect.

Bests, Matthias



_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
