Jaroslaw Rafa wrote in
 <20230318191215.gb30...@rafa.eu.org>:
 |On 18.03.2023 at 14:54:15, Gerd Hoerst via Postfix-users wrote:
 |> I set up my postfix for the clients to use only protocols > TLSv1 with
 |>
 |> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
 |> smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1
 |
 |While the former makes some sense (requiring TLS>=1.1 for mail *submission*
 |from your users) - most mail clients are able to conform to this - the latter
 |(requiring TLS>=1.1 for *incoming* mail on port 25) does not. Don't do it.

I still have no problems with

  smtpd_tls_mandatory_protocols = >=TLSv1.2
  smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
  # super modern, forward secrecy TLSv1.2 / TLSv1.3 selection..
  tls_high_cipherlist = EECDH+AESGCM:EECDH+AES256:EDH+AESGCM:CHACHA20
  smtpd_tls_mandatory_ciphers = high

Neither for lighttpd nor for postfix.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
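
Added example, not part of either message: one way to measure, from an existing mail log, which inbound clients would fall below a given TLS floor before changing smtpd_tls_protocols. It assumes smtpd_tls_loglevel = 1 or higher so that smtpd logs a handshake summary; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Summary line Postfix smtpd logs after a completed handshake
# (assumes smtpd_tls_loglevel = 1 or higher).
TLS_LINE = re.compile(
    r"postfix/[\w/-]*smtpd\[\d+\]: \w+ TLS connection established "
    r"from (?P<client>\S+?)\[(?P<ip>[^\]]+)\]: "
    r"(?P<proto>(?:SSL|TLS)v[\d.]+) with cipher"
)
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def tls_impact(lines, floor="TLSv1.2"):
    """Count sessions per protocol, and per client for sessions below `floor`."""
    counts, below = Counter(), Counter()
    for line in lines:
        m = TLS_LINE.search(line)
        if not m:
            continue  # not a handshake summary (e.g. a plain "connect from")
        proto = m["proto"]
        counts[proto] += 1
        # Unknown protocol strings are treated as below the floor.
        rank = ORDER.index(proto) if proto in ORDER else -1
        if rank < ORDER.index(floor):
            below[f'{m["client"]}[{m["ip"]}]'] += 1
    return counts, below

# Constructed sample log lines (documentation hostnames and addresses).
SAMPLE_LOG = """\
Mar 18 14:01:02 mx postfix/smtpd[2101]: Anonymous TLS connection established from mail.example.net[192.0.2.10]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Mar 18 14:03:40 mx postfix/smtpd[2107]: Anonymous TLS connection established from old-mta.example.org[198.51.100.7]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Mar 18 14:05:11 mx postfix/smtpd[2110]: Anonymous TLS connection established from relay.example.com[203.0.113.5]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar 18 14:09:55 mx postfix/smtpd[2107]: Anonymous TLS connection established from old-mta.example.org[198.51.100.7]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Mar 18 14:10:02 mx postfix/smtpd[2115]: connect from unknown[192.0.2.99]
Mar 18 14:12:30 mx postfix/smtpd[2120]: Anonymous TLS connection established from legacy.example.org[198.51.100.8]: TLSv1.1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
""".splitlines()

if __name__ == "__main__":
    counts, below = tls_impact(SAMPLE_LOG)
    for proto, n in sorted(counts.items()):
        print(f"{proto:8} {n}")
    for client, n in below.most_common():
        print(f"below floor: {client} ({n} sessions)")
```

Sessions that never negotiated TLS do not produce this log line, so the counts cover only clients that completed a handshake.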