On 19/03/23 02:54, Gerd Hoerst via Postfix-users wrote:
> I set up my postfix for the clients to use only protocols > TLSv1 with
>
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1

A better way to do this is:
smtpd_tls_protocols = >=TLSv1.1

> smtpd_tls_protocols           = !SSLv2,!SSLv3,!TLSv1

Don't do this! All you will accomplish is to force clients that don't support at least TLSv1.1 to connect in plain text instead. No encryption is never better than (arguably not very) weak encryption.

> in main.cf
>
> but unfortunately I have a sender (it's a printer) which is not capable of TLSv1.1 and up..

As others have pointed out, TLSv1.0 is not that bad for smtp. Others have posted a solution for this, but honestly I would just allow >=TLSv1 and not worry about it.


Peter
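
Added example (not part of the original message and not Postfix's own code): a log audit that lists which clients negotiate a protocol below a planned minimum and which already deliver mail without STARTTLS, so the plaintext fallback described above can be measured before smtpd_tls_protocols is changed. It assumes smtpd_tls_loglevel = 1 and the Postfix 3.x per-session statistics on the disconnect line; the log lines, host names and the function name audit are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed format: smtpd_tls_loglevel = 1, Postfix 3.x).
SAMPLE_LOG = """\
Mar 19 02:40:11 mail postfix/smtpd[1201]: Anonymous TLS connection established from printer.example.lan[192.0.2.10]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Mar 19 02:40:12 mail postfix/smtpd[1201]: disconnect from printer.example.lan[192.0.2.10] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Mar 19 02:41:03 mail postfix/smtpd[1207]: Anonymous TLS connection established from mx.example.org[198.51.100.7]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Mar 19 02:41:04 mail postfix/smtpd[1207]: disconnect from mx.example.org[198.51.100.7] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Mar 19 02:45:30 mail postfix/smtpd[1215]: disconnect from old.example.net[203.0.113.5] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
"""

CLIENT = r"(\S+?\[[^\]]+\])"  # host[address] as Postfix logs it
TLS_RE = re.compile(r"postfix/\S*smtpd\[\d+\]: \w+ TLS connection established from "
                    + CLIENT + r": (\S+) with cipher")
DISC_RE = re.compile(r"postfix/\S*smtpd\[\d+\]: disconnect from " + CLIENT + r" (.*)")
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # weakest first


def audit(log_text, minimum="TLSv1.1"):
    """Return (clients below `minimum`, clients that sent mail in plaintext)."""
    floor = ORDER.index(minimum)
    below, plaintext = defaultdict(set), set()
    for line in log_text.splitlines():
        m = TLS_RE.search(line)
        if m:
            client, proto = m.groups()
            if proto in ORDER and ORDER.index(proto) < floor:
                below[client].add(proto)
            continue
        m = DISC_RE.search(line)
        if m:
            client, counters = m.groups()
            fields = dict(f.split("=", 1) for f in counters.split() if "=" in f)
            # Counters look like "1" or "0/1" (accepted/attempted).
            sent = fields.get("mail", "0").split("/")[0] != "0"
            started = fields.get("starttls", "0").split("/")[0] != "0"
            if sent and not started:
                plaintext.add(client)
    return {c: sorted(p) for c, p in below.items()}, sorted(plaintext)


if __name__ == "__main__":
    below, plaintext = audit(SAMPLE_LOG)
    print("would lose TLS if the minimum is raised:", below)
    print("already sending in plaintext:", plaintext)
```

Clients in the first result are the ones an opportunistic-TLS server would push into the second group once the older protocol is disabled.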