On 2023-03-18 at 09:54:15 UTC-0400 (Sat, 18 Mar 2023 14:54:15 +0100)
Gerd Hoerst via Postfix-users <[email protected]>
is rumored to have said:
Hi !
I setup my postfix for the clients to use only protocols > TLSv1
with
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1
in main.cf
Why?
but unfortunately i have a sender (its a printer) which is not capable
for TLSv1.1 and up..
How can i manage to use TLSv1.1 and up from outside but allow TLSv1
from inside my network
What do you believe to be the risk of allowing TLSv1.0 for SMTP?
My understanding is that the marginal risks of TLSv1.0 are not relevant
to SMTP. It is also inherently counter-productive to prohibit TLSv1.0 if
you allow unencrypted SMTP as a fallback.
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
