The Postfix 2.8 SMTP server will not be alone in enabling server-side Elliptic Curve Diffie-Hellman key-agreement.
Hosted domains served by smtproutes.com (e.g. saybrook.edu) have ECDHE ciphers enabled: Trusted TLS connection established to saybrook.edu.pri-mx.smtproutes.com[174.36.154.101]:25: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) Ditto with redcondor.net/rcimx.net (e.g. sonoma.edu) Untrusted TLS connection established to sonoma.edu.mx1.ssu.rcimx.net[130.157.4.21]:25: TLSv1 with cipher ECDHE-RSA-DES-CBC3-SHA (168/168 bits) Neither hosting service uses Postfix. More reason to expect that the new cipher suites are safe enough to enable. -- Viktor.