Currently I have the following in main.cf:

smtp_tls_exclude_ciphers = aNULL
smtpd_tls_exclude_ciphers = aNULL

According to weakdh.org/sysadmin.html, I should have this:

smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_dh1024_param_file = ${config_directory}/dhparams.pem

Do I open myself to potential compatibility problems by making this change?

Should I make this change for smtp_tls_exclude_ciphers as well?

Should I use the same dhparams.pem file that I use for nginx, or generate a new one for postfix?

- Grant