From 3f329bc1a868345ac3a35dc539a66a8c8592861a Mon Sep 17 00:00:00 2001 From: Eric Mill Date: Fri, 29 May 2015 01:38:42 -0400 Subject: [PATCH] fix typos --- security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security.md b/security.md index 3132d245..2b30d383 100644 --- a/security.md +++ b/security.md @@ -84,7 +84,7 @@ Incoming Mail ### Encryption -As discussed above, there is no way to require on-the-wire encrpytion of mail. When the box receives an incoming email (SMTP on port 25), it offers encrpytion (STARTTLS) but cannot require that senders use it because some senders may not support STARTTLS at all and other senders may support STARTTLS but not with the latest protocols/ciphers. To give senders the best chance at making use of encryption, the box offers protocols back to SSLv3 and ciphers with key lengths as low as 112 bits. Modern clients (senders) will make use of the 256-bit ciphers and Diffie-Hellman ciphers with a 2048-bit key for forward secrecy, however. ([source](setup/mail-postfix.sh)) +As discussed above, there is no way to require on-the-wire encryption of mail. When the box receives an incoming email (SMTP on port 25), it offers encryption (STARTTLS) but cannot require that senders use it because some senders may not support STARTTLS at all and other senders may support STARTTLS but not with the latest protocols/ciphers. To give senders the best chance at making use of encryption, the box offers protocols back to SSLv3 and ciphers with key lengths as low as 112 bits. Modern clients (senders) will make use of the 256-bit ciphers and Diffie-Hellman ciphers with a 2048-bit key for forward secrecy, however. ([source](setup/mail-postfix.sh)) ### DANE