On Fri, 2013-11-29 at 18:43 +0200, Marko Kreen wrote:
> Well, we should - the DEFAULT is clearly a client-side default
> for compatibility only. No server should ever run with it.
Any other opinions on this out there? All instances of other
SSL-enabled servers out there, except nginx, default to some variant of
DEFAULT:!LOW:... or HIGH:MEDIUM:.... The proposal here is essentially
to disable MEDIUM ciphers by default, which is explicitly advised
against in the Postfix and Dovecot documentation, for example.