I use hardenize.com to help me improve security on both my websites and my MiaB email servers.
Hardenize suggest the following for my MiaB email server:
“Reconfigure server to use forward secrecy and authenticated encryption”
“Even though this server supports TLS 1.2, the cipher suite configuration is suboptimal. We recommend that you reconfigure the server so that the cipher suites providing forward secrecy (ECDHE or DHE in the name, in this order of preference) and authenticated encryption (GCM or CHACHA20 in the name) are at the top. The server must also be configured to select the best-available suite.”
Is this analysis by Hardenize for my MiaB email server correct?
If yes, is it possible to change configuration for MaiB to provide ECDHE or DHE ?
Thank you in advance for taking time to read this and thx for any suggested proposals.