Michael B Allen:
> On Fri, Sep 2, 2011 at 12:41 PM, Wietse Venema <wie...@porcupine.org> wrote:
> > Michael B Allen:
> >> Hello,
> >>
> >> I am using postfix 2.3 on CentOS and I would like to disable SSLv2. If
> >> I do the following:
> >>
> >> smtpd_tls_mandatory_protocols = SSLv3, TLSv1
> >> smtpd_tls_mandatory_ciphers = medium, high
> >
> > This is for mandatory TLS.
> >
> >> If I add smtpd_tls_security_level = encrypt it then works but then
> >
> > You are using opportunistic TLS instead of mandatory TLS. As
> > documented, that is controlled with smtpd_tls_protocols/ciphers.
>
> Hi Wietse,
>
> But it seems the smtpd_tls_protocols/ciphers directives are specific to 2.6?
>
> Is there any way to disable SSLv2 in postfix 2.3?
If you use opportunistic TLS then you are willing to accept plaintext,
i.e. no security. Under those conditions, it does not matter what
cipher or crypto protocol the client uses.
BTW, Postfix 2.3 was developed in 2005, released in 2006, and support
was terminated in 2009.
Wietse
