# postfix 3.4.6 - smtpd_tls_mandatory_exclude_ciphers



## IPTRACE (Sep 7, 2019)

Hello, Ive got an issue with excluding specific ciphers and hashes.


```
user@serv:~ % sudo postconf -n | grep exclude
smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, LOW, RC4, EXP, MEDIUM, ADH, AECDH, MD5, DSS, DES+MD5
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, LOW, RC4, EXP, MEDIUM, ADH, AECDH, MD5, DSS, DES+MD5
```

`Anonymous TLS connection established from : TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)`
But AECDH is excluded. Moreover, if I set AES256 it works and cannot connect using that.
The same issue when I exclude SHA.

Can someone test on your side?


----------

