On 2015-08-06 09:08, Viktor Dukhovni wrote:
> 
> You should in most cases update main.cf by setting:
> 
>     # Exclude obsolete weak crypto.
>     #
>     smtpd_tls_protocols = !SSLv2, !SSLv3
>     smtpd_tls_ciphers = medium
>     smtp_tls_protocols = !SSLv2, !SSLv3
>     smtp_tls_ciphers = medium
> 

If I set "smtpd_tls_ciphers = medium", then the 512-bit DH parameter
file will no longer be used for forward secrecy. Correct?

can I delete the following line?
smtpd_tls_dh512_param_file  = /etc/ssl/private/dh512.pem

is that correct?

Reply via email to