Michael Str?der: > Viktor Dukhovni wrote: > > On Thu, Aug 06, 2015 at 10:25:04AM +0200, Michael Str?der wrote: > > > >>> On Thu, Aug 06, 2015 at 09:13:53AM +0200, Sven Schwedas wrote: > >>>> Why medium and not high, while we're at it? What clients would have > >>>> problems with it? > >>> > >>> Because cleartext is not stronger than medium. If you make TLS > >>> impossible for peers that only support medium, they'll do cleartext. > >>> Raising the floor too high lowers security. Security is improved > >>> by raising the ceiling (stronger best supported ciphers), not > >>> raising the floor (removing weak ciphers that are still best > >>> available for a non-negligible set of peers). > >> > >> Viktor, I have some doubts regarding your point of view on this: > >> > >> I suspect that many admins maintaining systems only capable using medium > >> ciphers > > > > False premise. > > No, right premise.
Please, the purpose of Postfix is to deliver mail, not to force other people into adopting your specific world view. If you must, go somewhere else. Wietse