Force TLS1.1 as minimum TLS version
parent
e565f74dd6
commit
64a12f24c2
1 changed files with 3 additions and 5 deletions
|
@ -41,9 +41,8 @@ smtpd_tls_key_file = {{ postfix_smtpd_tls_key_file }}
|
|||
smtpd_tls_ciphers = medium
|
||||
smtpd_tls_mandatory_ciphers = medium
|
||||
smtpd_tls_exclude_ciphers = aNULL, eNULL, MD5, DES, 3DES, DES-CBC3-SHA, RC4-SHA, AES256-SHA, AES128-SHA, DHE-RSA-AES256-SHA
|
||||
#Einige berechtigte Mailserver nutzen nur TLSv1
|
||||
#smtpd_tls_mandatory_protocols = !TLSv1
|
||||
#smtpd_tls_protocols = !TLSv1
|
||||
smtpd_tls_mandatory_protocols = >=TLSv1.1
|
||||
smtpd_tls_protocols = >=TLSv1.1
|
||||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
||||
smtpd_tls_session_cache_timeout = 7200s
|
||||
smtpd_tls_loglevel = 1
|
||||
|
@ -58,8 +57,7 @@ smtp_tls_security_level = dane
|
|||
smtp_dns_support_level = dnssec
|
||||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||||
smtp_tls_session_cache_timeout = 7200s
|
||||
#Some mailserver use only TLSv1. Hence we can't disable it.
|
||||
#smtp_tls_protocols = !TLSv1
|
||||
smtp_tls_protocols = >=TLSv1.1
|
||||
{% if postfix_smtp_tls_policy_maps is defined %}
|
||||
smtp_tls_policy_maps =
|
||||
{% for map in postfix_smtp_tls_policy_maps %}
|
||||
|
|
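Review bot: The `>=TLSv1.1` form used for `smtpd_tls_mandatory_protocols`, `smtpd_tls_protocols` and `smtp_tls_protocols` is only understood by Postfix 3.6 and later, and nothing in the visible template guards on the Postfix version of the target host; older releases need the exclusion form `!SSLv2, !SSLv3, !TLSv1`. The second hunk raises only `smtp_tls_protocols`, so unless `smtp_tls_mandatory_protocols` is set outside the hunk, connections that require TLS (for example DANE-verified destinations) keep the Postfix default floor; adding `smtp_tls_mandatory_protocols = >=TLSv1.1` would make the client side match the server side. Because `smtp_tls_protocols` and `smtpd_tls_protocols` govern opportunistic TLS, a peer that only offers TLSv1 may now fall back to cleartext instead of a weak TLS session (this depends on the security levels, which are not fully visible here), so I would replace the removed comments with one stating that trade-off, e.g. `# TLSv1-only peers are refused; opportunistic sessions with them may fall back to plaintext`. TLS 1.1 is deprecated together with TLS 1.0 by RFC 8996, so `>=TLSv1.2` is worth considering at least for the mandatory settings.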