duraconf icon indicating copy to clipboard operation
duraconf copied to clipboard

Published 20 hours ago verified publisher icon ioerror

Enable TLSv1.1 and v1.2 in Postfix

Open t2d opened this issue 9 years ago • 2 comments

The config before was fixed to TLSv1.0 see http://www.postfix.org/postconf.5.html#smtpd_tls_mandatory_protocols

t2d avatar Oct 24 '14 07:10 t2d

I would also set smtp_tls_protocols = !SSLv2, !SSLv3 in addition to disabling it in smtp_tls_mandatory_protocols. (On my server, the POODLE attack was still possible until I disabled SSLv3 in both settings)

clemensg avatar Oct 26 '14 13:10 clemensg

That was not necessary for me. But I think it doesn't hurt as well.

On 26.10.2014 14:08, Clemens Gruber wrote:

I would also set |smtp_tls_protocols = !SSLv2, !SSLv3| in addition to disabling it in |smtp_tls_mandatory_protocols|. (On my server, the POODLE attack was still possible until I disabled it in both settings)

— Reply to this email directly or view it on GitHub https://github.com/ioerror/duraconf/pull/49#issuecomment-60516876.

t2d avatar Oct 26 '14 13:10 t2d