On 2017-03-20 12:23, Postfix User wrote:
> I am looking for a little guidance regarding deploying Diffie-Hellman for TLS. According to this URL: https://www.weakdh.org/sysadmin.html, the following are recommended settings for Postfix.
>
>     smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
>
> I would just like to know if this is correct. Also, what are the recommended settings for the postfix "smtp_tls_exclude_ciphers" setting?
>
> Thank you.

https://bettercrypto.org/static/applied-crypto-hardening.pdf has several very good recommendations for various services (including Postfix).
