
postfix expects listed TLS-versions.

master
Denis Knauf 2 years ago
parent
commit
3049e878a0
  1. 16
      tasks/postfix.yml

16
tasks/postfix.yml

@ -35,16 +35,16 @@
smtpd_tls_auth_only: 'yes'
tls_ssl_options: NO_COMPRESSION
# Some servers are crapy. If we provide only TLSv1.2, he would try it unencrypted again.
smtpd_tls_mandatory_protocols: '>=TLSv1.2'
smtpd_tls_protocols: '>=TLSv1.2'
smtpd_tls_mandatory_protocols: 'TLSv1.2, TLSv1.3'
smtpd_tls_protocols: 'TLSv1.2, TLSv1.3'
# Same for sending mails: :/
smtp_tls_mandatory_protocols: '>=TLSv1.2'
smtp_tls_protocols: '>=TLSv1.2'
smtp_tls_mandatory_protocols: 'TLSv1.2, TLSv1.3'
smtp_tls_protocols: 'TLSv1.2, TLSv1.3'
# Internal/Clients must support better crypto:
lmtp_tls_mandatory_protocols: '>=TLSv1.2'
lmtp_tls_protocols: '>=TLSv1.2'
submission_tls_mandatory_protocols: '>=TLSv1.2'
submission_tls_protocols: '>=TLSv1.2'
lmtp_tls_mandatory_protocols: 'TLSv1.2, TLSv1.3'
lmtp_tls_protocols: 'TLSv1.2, TLSv1.3'
submission_tls_mandatory_protocols: 'TLSv1.2, TLSv1.3'
submission_tls_protocols: 'TLSv1.2, TLSv1.3'
smtpd_tls_mandatory_ciphers: high
#tls_high_cipherlist: 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
smtpd_tls_exclude_ciphers: MD5, DES, eNULL, 3DES, EXP, RC4, DSS, PSK, SEED, IDEA, ECDSA, aNULL
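Review bot: The enumerated value `'TLSv1.2, TLSv1.3'` on the eight smtpd/smtp/lmtp/submission `*_tls_protocols` keys (taken to be the new side from the commit title, since the +/- markers are lost on this page) is an allow-list, so any TLS version added later stays disabled until this role is edited, and a Postfix/OpenSSL build that does not know the name `TLSv1.3` may warn about or reject the setting; that is worth checking on the oldest target host. For Postfix releases that predate the `>=TLSv1.2` syntax (Postfix 3.6), the Postfix documentation prefers the exclusion form, e.g. `smtpd_tls_protocols: '!SSLv2, !SSLv3, !TLSv1, !TLSv1.1'`, which keeps the same TLS 1.2 floor without naming the upper versions. The context comment above `smtpd_tls_mandatory_protocols` also does not match the values: it argues for tolerating weak peers, while the opportunistic `smtpd_tls_protocols` and `smtp_tls_protocols` settings refuse anything below TLS 1.2, so a peer limited to older versions ends up with no TLS at all wherever the security level is only `may`. I would reword that comment to state the trade-off, e.g. `# TLS >= 1.2 only; older peers fall back to cleartext unless the security level is encrypt`. The enclosing task starts and ends outside this hunk.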
