1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-22 02:17:26 +00:00

for DANE, the smtp_tls_mandatory_protocols setting seems like it also needs to be set (unlike the cipher settings, this isn't documented to be in addition to the non-mandatory setting)

This commit is contained in:
Joshua Tauberer 2016-06-12 09:08:08 -04:00
parent 6b73bb5d80
commit 5f5f00af4a

View File

@ -160,6 +160,7 @@ tools/editconf.py /etc/postfix/main.cf \
# now see notices about trusted certs. The CA file is provided by the package `ca-certificates`. # now see notices about trusted certs. The CA file is provided by the package `ca-certificates`.
tools/editconf.py /etc/postfix/main.cf \ tools/editconf.py /etc/postfix/main.cf \
smtp_tls_protocols=\!SSLv2,\!SSLv3 \ smtp_tls_protocols=\!SSLv2,\!SSLv3 \
smtp_tls_mandatory_protocols=\!SSLv2,\!SSLv3 \
smtp_tls_ciphers=medium \ smtp_tls_ciphers=medium \
smtp_tls_exclude_ciphers=aNULL,RC4 \ smtp_tls_exclude_ciphers=aNULL,RC4 \
smtp_tls_security_level=dane \ smtp_tls_security_level=dane \