> On May 21, 2018, at 5:16 PM, Sean Son <[email protected]>
> wrote:
>
> lmtp_tls_mandatory_protocols = !SSLv2
> lmtp_tls_protocols = !SSLv2
> smtp_tls_mandatory_protocols = !SSLv2
> smtp_tls_protocols = !SSLv2
> smtpd_tls_mandatory_protocols = !SSLv2
> smtpd_tls_protocols =
>
> i was informed by our security team that my postfix server has SSL Version 2
> and 3 protocol detected and SSL Medium Strength Cipher suites supported. I am
> supposed to fix those two issues. Any suggestions on what I should do to
> fix them with out breaking opportunistic TLS is greatly appreciated!
Change the settings to the posted Postfix 3.0+ defaults.
As for the medium ciphers. Set "smtpd_tls_ciphers" and/or
"smtp_tls_ciphers" to "high" if your logs for the past few
months don't show any use of weaker ciphers (apart from any
connections by internet-wide security scanners, which you
should be able to recognize).
--
Viktor.
