for DANE, the smtp_tls_mandatory_protocols setting seems like it also needs to be set (unlike the cipher settings, this isn't documented to be in addition to the non-mandatory setting)
This commit is contained in:
parent
6b73bb5d80
commit
5f5f00af4a
|
@ -160,6 +160,7 @@ tools/editconf.py /etc/postfix/main.cf \
|
||||||
# now see notices about trusted certs. The CA file is provided by the package `ca-certificates`.
|
# now see notices about trusted certs. The CA file is provided by the package `ca-certificates`.
|
||||||
tools/editconf.py /etc/postfix/main.cf \
|
tools/editconf.py /etc/postfix/main.cf \
|
||||||
smtp_tls_protocols=\!SSLv2,\!SSLv3 \
|
smtp_tls_protocols=\!SSLv2,\!SSLv3 \
|
||||||
|
smtp_tls_mandatory_protocols=\!SSLv2,\!SSLv3 \
|
||||||
smtp_tls_ciphers=medium \
|
smtp_tls_ciphers=medium \
|
||||||
smtp_tls_exclude_ciphers=aNULL,RC4 \
|
smtp_tls_exclude_ciphers=aNULL,RC4 \
|
||||||
smtp_tls_security_level=dane \
|
smtp_tls_security_level=dane \
|
||||||
|
|
Loading…
Reference in New Issue