duraconf icon indicating copy to clipboard operation
duraconf copied to clipboard

Published 20 hours ago verified publisher icon ioerror

Enable TLSv1.1 and v1.2 in Postfix

Open t2d opened this issue 10 years ago • 2 comments

The config before was fixed to TLSv1.0 see http://www.postfix.org/postconf.5.html#smtpd_tls_mandatory_protocols

t2d avatar Oct 24 '14 07:10 t2d

I would also set smtp_tls_protocols = !SSLv2, !SSLv3 in addition to disabling it in smtp_tls_mandatory_protocols. (On my server, the POODLE attack was still possible until I disabled SSLv3 in both settings)

clemensg avatar Oct 26 '14 13:10 clemensg

That was not necessary for me. But I think it doesn't hurt as well.

On 26.10.2014 14:08, Clemens Gruber wrote:

I would also set |smtp_tls_protocols = !SSLv2, !SSLv3| in addition to disabling it in |smtp_tls_mandatory_protocols|. (On my server, the POODLE attack was still possible until I disabled it in both settings)

— Reply to this email directly or view it on GitHub https://github.com/ioerror/duraconf/pull/49#issuecomment-60516876.

t2d avatar Oct 26 '14 13:10 t2d