Question PFS Perfect Forward Secrecy with Plesk mailserver?

[mdde]

Hi,

i want to secure MTAs / Mails with PFS.
Will this tutorial work, Perfect Forward Secrecy (PFS) für Postfix und Dovecot einrichten - Heinlein Support - Unser Linux-Blog für Admins ?
pourly its in German.

Any Tipp or short answer would be helpfully.

 

[mdde]

I see this is already happening.
Maybe i can whipe out the weak protocols with following command:

/usr/local/psa/bin/server_pref -u -ssl-protocols "TLSv1.2"

Would this bring any disadvantages?

 

[trialotto]

@daanse

A whole lot of "clients" could be excluded from access to specific services that are set to use TLSv1.2.

For instance, a whole bunch of mobile devices running Android would not be able to make the connections.

You can obtain a whole lot of information by simply running the SSLtest tool at: SSL Server Test (Powered by Qualys SSL Labs)

Just have a look at the part "Handshake Simulation", after running a test on some random (but existing) domain.

Regards.....