> On Mar 29, 2018, at 5:03 PM, @lbutlr wrote:
>
> If you do this, then you do not need smtpd_tls_exclude_ciphers, right?
No, protocol versions and ciphersuites are different beasts. But with
"smtpd_tls_mandatory_ciphers = high" there's generally not much need
for any further ciphersuite exclu
On 2018-03-29 (13:15 MDT), Viktor Dukhovni wrote:
>
> smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
If you do this, then you do not need smtpd_tls_exclude_ciphers, right?
Also, do the setting above also exclude the weaker protocols like MD5 and RC2?
--
Chico: You sing-a high. Co
> On Mar 29, 2018, at 3:26 PM, J Doe wrote:
>
> Ok, I have to say I feel pretty pleased with myself - I found a solution
> roughly around when your e-mail came it, so I tried my solution first and it
> worked!
>
> I ran nmap against the server to enumerate the TLS versions in use and the
>
Hi Viktor
> On Mar 29, 2018, at 3:15 PM, Viktor Dukhovni
> wrote:
>
>
>
>> On Mar 29, 2018, at 2:56 PM, J Doe wrote:
>>
>> I am attempting to restrict the TLS protocol version used by my SMTP AUTH’d
>> clients on the submission service.
>>
>> In master.cf I have added the following to the
> On Mar 29, 2018, at 2:56 PM, J Doe wrote:
>
> I am attempting to restrict the TLS protocol version used by my SMTP AUTH’d
> clients on the submission service.
>
> In master.cf I have added the following to the submission service:
>
>-o smtpd_tls_ciphers=high
>-o smtpd_tls_exclude_c
Hi,
I am attempting to restrict the TLS protocol version used by my SMTP AUTH’d
clients on the submission service.
In master.cf I have added the following to the submission service:
-o smtpd_tls_ciphers=high
-o smtpd_tls_exclude_ciphers=EXPORT,MEDIUM
-o smtpd_tls_protocols=!SSLv2,!S
