Daniel Hiepler via Postfix-users skrev den 2024-06-07 10:20:
My cipher config is:
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, LOW, 3DES, MD5,
EXP, PSK, SRP, DSS, DES, RC4, PSK
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
tls_medium_cipherlist =
aNULL:-aNULL:HIGH:MEDIUM:!SEED:!IDEA:!3DES:!RC2:!RC4:!RC5:!kDH:!kECDH:!aDSS:!MD5:+RC4:@STRENGTH
tls_preempt_cipherlist = yes
tls_session_ticket_cipher = aes-256-cbc
Any hint is highly appreciated.
xpoint@tux ~ $ postconf -d | grep mandatory
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
lmtp_tls_mandatory_protocols = >=TLSv1
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers =
smtp_tls_mandatory_protocols = >=TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers =
smtpd_tls_mandatory_protocols = >=TLSv1
tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
tlsproxy_tls_mandatory_exclude_ciphers =
$smtpd_tls_mandatory_exclude_ciphers
tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
why change them ?
i am not tls expert so i try to keep good defaults from postconf -d
note smtpd_ is your server not major mailprovider
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
