Hi !
I read a tutorial to harden postfix and there they trew out TLSv1
Ciao Gerd
Am 18.03.2023 um 16:07 schrieb Bill Cole via Postfix-users:
On 2023-03-18 at 09:54:15 UTC-0400 (Sat, 18 Mar 2023 14:54:15 +0100)
Gerd Hoerst via Postfix-users <g...@hoerst.net>
is rumored to have said:
Hi !
I setup my postfix for the clients to use only protocols > TLSv1 with
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1
in main.cf
Why?
but unfortunately i have a sender (its a printer) which is not
capable for TLSv1.1 and up..
How can i manage to use TLSv1.1 and up from outside but allow TLSv1
from inside my network
What do you believe to be the risk of allowing TLSv1.0 for SMTP?
My understanding is that the marginal risks of TLSv1.0 are not
relevant to SMTP. It is also inherently counter-productive to prohibit
TLSv1.0 if you allow unencrypted SMTP as a fallback.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
