On 4/25/2012 4:07 AM, Mark Alan wrote:
> While the postfix updates do not get into each distribution's
> repositories, should we use the following?
>
> postconf -e 'smtpd_tls_protocols = !SSLv2, !TLSv1.2'
> postconf -e 'smtp_tls_protocols = !SSLv2, !TLSv1.2'

It seems this is a reasonable setting for sites that have upgraded both openssl and postfix to latest versions.

Unfortunately, the !TLSv1.2 option will give an "unknown protocol" error unless BOTH your postfix knows about that option, AND postfix is linked with an openssl version that has that option.

End result is this can't be a global postfix default setting, and can't be used on older postfix versions. There is no workaround for this.

  -- Noel Jones