On Wed, Apr 29, 2009 at 08:40:12AM -0400, Wietse Venema wrote:
> TLS changes since release candidate 2:
> ======================================
>
> The Postfix SMTP client(!) no longer tries to use the obsolete SSLv2
> protocol by default, as this may prevent the use of modern SSL
> features. Lack of SSLv2 support should never be a problem, since
> SSLv3 was defined in 1996, and TLSv1 in 2006, but you can undo the
> change by specifying empty main.cf values for smtp_tls_protocols
> and lmtp_tls_protocols. The Postfix SMTP server maintains SSLv2
> support for backwards compatibility with ancient clients.
One minor correction: TLS 1.0 is from 1999:
http://tools.ietf.org/html/rfc2246
The revised TLS 1.1 from 2006 is what is typically used by most
clients and servers:
http://tools.ietf.org/html/rfc4346
The latest TLS 1.2 from 2008 is not yet widely implemented.
http://tools.ietf.org/html/rfc5246
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
