WIP: Mozilla SSL
- do dovecot (see GitHub PR on https://github.com/mozilla/ssl-config-generator/)
- for server-to-server SMTP, we'll probably have to tolerate older crypto etc.
- should we even risk allowing the user to fiddle with it?
- if a client can't negotiate SSL, do they fall back to cleartext, or does delivery fail?
- upstream the postfix dhparam stuff?
- testing. upgrading postfix's openssl seems a big step, but maybe not.
- do we need to generate non-RSA keys?
- send a patch to postfix http://www.postfix.org/lists.html to allow setting ciphersuites
- dovecot ciphersuites patch
- dovecot tlsv1.3 min patch
- postfix: smtp_tls_* as well as smtpd_tls_* (upstream to Mozilla conf?)
Edited by Joey Hewitt