Wietse Venema <wie...@porcupine.org> writes:

> micah anderson:
>> Eray Aslan <er...@a21an.org> writes:
>>
>> > On Wed, Dec 19, 2018 at 02:36:50PM -0500, Viktor Dukhovni wrote:
>> >> If there are no objections, I can change the default to "may" when
>> >> TLS is compiled in.
>> >
>> > No objections for setting smtp_tls_security_level. Thanks for your
>> > effort.
>>
>> I just wanted to circle back to this thread - it seems like nobody had
>> any objections to this change, and there were even proposed changes
>> sent, but I don't see that it ever got integrated?
>
> What was the idea: change the default when built with TLS support?

That is right, change it to 'may', since it requires no certificates to
be generated. Because it will do opportunistic + fallback if things
don't work, it seems a harmless improvement.

> Meanwhile, we should consider enabling smtp_tls_connection_reuse,
> too, otherwise the high-volume case can have an unexpected performance
> difference between plaintext deliveries and TLS (namely, one TCP
> handshake plus one TLS handshake per delivery).

Good idea!

--
micah