On Tue, 24 Apr 2012 19:42:20 -0400 (EDT), Wietse Venema <wie...@porcupine.org> wrote:
> So, TLSv1.2 is giving trouble.
> ...
> Works with OpenSSL 1.0.1a with "smtp_tls_protocols = !TLSv1.2":
> ...
> So it is a good thing that I put out those updates today.
> ...
> Which leaves me wondering how other MTAs deal with this. Given the
> way OpenSSL works, there is no way for a program to specify what
> TLS protocols it wants to use. Instead, a program can only specify
> what TLS protocols it does not want. This means that new code needs
> to be added whenever a new protocol is added to OpenSSL, otherwise
> that protocol can't be turned off.

While the postfix updates do not get into each distribution's repositories, should we use the following?

postconf -e 'smtpd_tls_protocols = !SSLv2, !TLSv1.2'
postconf -e 'smtp_tls_protocols = !SSLv2, !TLSv1.2'

M.
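
Added example, not part of the original message and not Postfix or OpenSSL code: a simplified Python model of the exclusion-only selection described in the quoted text, showing that an application can only turn off protocols it has a disable switch for. The function names and protocol tables are assumptions constructed for illustration.

```python
# Simplified model of exclusion-only TLS protocol selection.
# Not Postfix or OpenSSL code; names and tables are constructed for illustration.

def parse_exclusions(setting):
    """Split a value such as '!SSLv2, !TLSv1.2' into the excluded names."""
    names = []
    for token in setting.replace(",", " ").split():
        if not token.startswith("!"):
            raise ValueError("this model handles only the '!' form: %r" % token)
        names.append(token[1:])
    return names


def effective_protocols(setting, app_known, lib_supported):
    """Return (enabled, unrecognised) for one application build.

    app_known:     protocol names the application has a disable switch for.
    lib_supported: protocols the linked TLS library offers unless told not to.
    """
    excluded = parse_exclusions(setting)
    # A name the application was not built to know cannot be mapped to a
    # library "do not use" option, so that protocol stays enabled.
    unrecognised = [n for n in excluded if n not in app_known]
    disabled = set(excluded) & set(app_known)
    enabled = [p for p in lib_supported if p not in disabled]
    return enabled, unrecognised


# Constructed sample data: an application built before the library gained
# TLSv1.1/TLSv1.2, an updated build, and a library that offers all of them.
OLD_APP = ["SSLv2", "SSLv3", "TLSv1"]
NEW_APP = OLD_APP + ["TLSv1.1", "TLSv1.2"]
NEW_LIB = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]


def demo():
    setting = "!SSLv2, !TLSv1.2"
    return {
        "old application": effective_protocols(setting, OLD_APP, NEW_LIB),
        "updated application": effective_protocols(setting, NEW_APP, NEW_LIB),
    }


if __name__ == "__main__":
    for build, (enabled, unrecognised) in demo().items():
        print(build, "enabled:", enabled, "unrecognised:", unrecognised)
```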