li...@rhsoft.net:
>
> Am 15.10.2014 um 17:53 schrieb Luigi Rosa:
> > Just to be on the safe side, is it worth to disable SSL v3 on
> > STARTTLS-enabled
> > Postfix configurations?
> >
> > If yes, what is the proper way to do it?
>
> if you don't need to support really old clients
> smtpd_tls_protocols = !SSLv2 !SSLv3
You may want set smtpd_tls_mandatory_protocols, and the lmtp/smtp client ones:
# Opportunistic TLS
smtpd_tls_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
# Mandatory TLS
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
Wietse
