The Postfix 2.8 SMTP server will not be alone in enabling server-side
Elliptic Curve Diffie-Hellman key-agreement.
Hosted domains served by smtproutes.com (e.g. saybrook.edu)
have ECDHE ciphers enabled:
Trusted TLS connection established to
saybrook.edu.pri-mx.smtproutes.com[174.36.154.101]:25:
TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Ditto with redcondor.net/rcimx.net (e.g. sonoma.edu)
Untrusted TLS connection established to
sonoma.edu.mx1.ssu.rcimx.net[130.157.4.21]:25:
TLSv1 with cipher ECDHE-RSA-DES-CBC3-SHA (168/168 bits)
Neither hosting service uses Postfix. More reason to expect that the
new cipher suites are safe enough to enable.
--
Viktor.
