On 2015-08-06 09:08, Viktor Dukhovni wrote: > > You should in most cases update main.cf by setting: > > # Exclude obsolete weak crypto. > # > smtpd_tls_protocols = !SSLv2, !SSLv3 > smtpd_tls_ciphers = medium > smtp_tls_protocols = !SSLv2, !SSLv3 > smtp_tls_ciphers = medium >
If I set "smtpd_tls_ciphers = medium", then the 512-bit DH parameter file will no longer be used for forward secrecy. Correct? can I delete the following line? smtpd_tls_dh512_param_file = /etc/ssl/private/dh512.pem is that correct?
