Downgrade TLS to v1
because there are still mail servers out there that don't support newer versions
This commit is contained in:
parent
64a12f24c2
commit
7a2ff6c74a
1 changed files with 3 additions and 3 deletions
|
@ -41,8 +41,8 @@ smtpd_tls_key_file = {{ postfix_smtpd_tls_key_file }}
|
||||||
smtpd_tls_ciphers = medium
|
smtpd_tls_ciphers = medium
|
||||||
smtpd_tls_mandatory_ciphers = medium
|
smtpd_tls_mandatory_ciphers = medium
|
||||||
smtpd_tls_exclude_ciphers = aNULL, eNULL, MD5, DES, 3DES, DES-CBC3-SHA, RC4-SHA, AES256-SHA, AES128-SHA, DHE-RSA-AES256-SHA
|
smtpd_tls_exclude_ciphers = aNULL, eNULL, MD5, DES, 3DES, DES-CBC3-SHA, RC4-SHA, AES256-SHA, AES128-SHA, DHE-RSA-AES256-SHA
|
||||||
smtpd_tls_mandatory_protocols = >=TLSv1.1
|
smtpd_tls_mandatory_protocols = >=TLSv1
|
||||||
smtpd_tls_protocols = >=TLSv1.1
|
smtpd_tls_protocols = >=TLSv1
|
||||||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
||||||
smtpd_tls_session_cache_timeout = 7200s
|
smtpd_tls_session_cache_timeout = 7200s
|
||||||
smtpd_tls_loglevel = 1
|
smtpd_tls_loglevel = 1
|
||||||
|
@ -57,7 +57,7 @@ smtp_tls_security_level = dane
|
||||||
smtp_dns_support_level = dnssec
|
smtp_dns_support_level = dnssec
|
||||||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||||||
smtp_tls_session_cache_timeout = 7200s
|
smtp_tls_session_cache_timeout = 7200s
|
||||||
smtp_tls_protocols = >=TLSv1.1
|
smtp_tls_protocols = >=TLSv1
|
||||||
{% if postfix_smtp_tls_policy_maps is defined %}
|
{% if postfix_smtp_tls_policy_maps is defined %}
|
||||||
smtp_tls_policy_maps =
|
smtp_tls_policy_maps =
|
||||||
{% for map in postfix_smtp_tls_policy_maps %}
|
{% for map in postfix_smtp_tls_policy_maps %}
|
||||||
|
|
Loading…
Reference in a new issue