Do we need Ciphers in Postfix Dovecot configs?

Help! (Home for newbies)
1

Ciphers some weak are not default excluded, but don’t know are they needed or a howto in the WIKI / DOCS Virtualmin?

As http://postfix.1071664.n5.nabble.com/Strong-Ciphers-to-use-with-Postfix-td88916.html default testing could give this result
Algorithm weak
ECDHE_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_SHA

SSLv3</code>

https://ssl-tools.net/mailservers

and example # TLS Server
smtpd_tls_exclude_ciphers = RC4, aNULL

TLS Client

smtp_tls_exclude_ciphers = RC4, aNULL

the aNULL for blocking anonymous DH and ECDH algorithms to avoid MITM attacks

2

Ok maybe should be new topic, or offtopic but the ssllabs test for https://www.virtualmin.com gives B grade while also something with cipher protocol, don;t know this site is running on VM6?
This server accepts RC4 cipher, but only with older protocols. Grade capped to B. 3 RC4 insecure ciphers plus extra 4 weak other ciphers in test.

We have A+ but not using the Apache part ( package)VM6.01 GPL

3

Yea better change/add/delete some ciphers i think, don’t know or the aNULL will help to prevent MITM attacks on the new WIFI LEAK, while ofcourse its about [WIFI Clients] and [AP] but …

https://www.krackattacks.com/#details-android