Hi. After update to 3.2 on first production server. On a server i need to allow TLSv1 and TLSv1.1 for Postfix some more years. Is it ok to just comment out in /etc/postfix/main.cf: EDITED, see below: Code: #tls_medium_cipherlist = .... Or more needed ? Its seems to work when testing with online SMTP tools. Code: DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found TLSv1.2 TLSv1.1 TLSv1.0 Or does someone have a better cipherlist ?