ioerror / duraconf

duraconf - A collection of hardened configuration files for SSL/TLS services
http://www.appelbaum.net/

Enable TLSv1.1 and v1.2 in Postfix #49

Open t2d opened 9 years ago

t2d commented 9 years ago

The config before was fixed to TLSv1.0; see http://www.postfix.org/postconf.5.html#smtpd_tls_mandatory_protocols

clemensg commented 9 years ago

I would also set smtp_tls_protocols = !SSLv2, !SSLv3 in addition to disabling it in smtp_tls_mandatory_protocols. (On my server, the POODLE attack was still possible until I disabled SSLv3 in both settings)

t2d commented 9 years ago

That was not necessary for me. But I think it doesn't hurt as well.

On 26.10.2014 14:08, Clemens Gruber wrote:

I would also set |smtp_tls_protocols = !SSLv2, !SSLv3| in addition to disabling it in |smtp_tls_mandatory_protocols|. (On my server, the POODLE attack was still possible until I disabled it in both settings)

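Added example, not part of the thread or of duraconf's own files: a small checker for the point raised above, that SSLv2/SSLv3 have to be excluded in each protocol setting separately. The function names and the sample configuration are constructed for illustration, and only the name-list syntax used in this thread (`!SSLv2, !SSLv3`) is handled.

```python
import re

# *_mandatory_* covers enforced TLS, the plain names opportunistic TLS; smtpd = server, smtp = client.
SETTINGS = ("smtpd_tls_protocols", "smtpd_tls_mandatory_protocols",
            "smtp_tls_protocols", "smtp_tls_mandatory_protocols")
LEGACY = ("SSLv2", "SSLv3")

def parse_main_cf(text):
    """Return {name: value}: skips comments, joins continuation lines, last wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:  # leading whitespace continues a line
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def legacy_allowed(value):
    """LEGACY protocols that a protocol list (names, '!' exclusions) permits."""
    tokens = [t for t in re.split(r"[,\s:]+", value) if t]
    if any(t[0] in "<>" for t in tokens):
        raise ValueError("version-bound syntax is outside this example")
    excluded = {t[1:] for t in tokens if t.startswith("!")}
    included = {t for t in tokens if not t.startswith("!")}
    if included:  # an inclusion list permits only what it names
        return [p for p in LEGACY if p in included and p not in excluded]
    return [p for p in LEGACY if p not in excluded]

def audit(text):
    """Map each setting to the legacy protocols it permits (None if unset)."""
    params = parse_main_cf(text)
    return {s: legacy_allowed(params[s]) if s in params else None for s in SETTINGS}

# Constructed sample (not the duraconf file): only smtp_tls_protocols keeps SSLv3.
SAMPLE = """\
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,
    !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A setting reported as `None` is absent from the file, so its effective value is the default of the installed Postfix version, which `postconf -d` shows.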