> On Mar 13, 2018, at 11:36 AM, LuKreme <krem...@kreme.com> wrote: > > In general, or these specific exclusions?
Mostly in general. Why do cleartext with clients that can't do strong ciphers, let them encrypt with their medium ciphers. > I've had > > smtpd_tls_exclude_ciphers = MD5, SEED, IDEA, RC2, RC4 > > For a pretty long time now That said, the above are fine to exclude, they are just unnecessary attack surface, with the exception of "RC4" nobody needs these for interoperability at this time. And even "RC4" use is vanishingly small. -- Viktor.