> On Mar 13, 2018, at 11:36 AM, LuKreme <krem...@kreme.com> wrote:
>
> In general, or these specific exclusions?
Mostly in general. Why do cleartext with clients that can't do strong ciphers,
let them encrypt with their medium ciphers.
> I've had
>
> smtpd_tls_exclude_ciphers = MD5, SEED, IDEA, RC2, RC4
>
> For a pretty long time now
That said, the above are fine to exclude, they are just unnecessary
attack surface, with the exception of "RC4" nobody needs these for
interoperability at this time. And even "RC4" use is vanishingly
small.
--
Viktor.
