Michael Str?der:
> Viktor Dukhovni wrote:
> > On Thu, Aug 06, 2015 at 10:25:04AM +0200, Michael Str?der wrote:
> >
> >>> On Thu, Aug 06, 2015 at 09:13:53AM +0200, Sven Schwedas wrote:
> >>>> Why medium and not high, while we're at it? What clients would have
> >>>> problems with it?
> >>>
> >>> Because cleartext is not stronger than medium. If you make TLS
> >>> impossible for peers that only support medium, they'll do cleartext.
> >>> Raising the floor too high lowers security. Security is improved
> >>> by raising the ceiling (stronger best supported ciphers), not
> >>> raising the floor (removing weak ciphers that are still best
> >>> available for a non-negligible set of peers).
> >>
> >> Viktor, I have some doubts regarding your point of view on this:
> >>
> >> I suspect that many admins maintaining systems only capable using medium
> >> ciphers
> >
> > False premise.
>
> No, right premise.
Please, the purpose of Postfix is to deliver mail, not to force
other people into adopting your specific world view.
If you must, go somewhere else.
Wietse
