for DANE, the smtp_tls_mandatory_protocols setting seems like it also needs to be set (unlike the cipher settings, this isn't documented to be in addition to the non-mandatory setting)

Joshua Tauberer 2016-06-12 09:08:08 -04:00
parent 6b73bb5d80
commit 5f5f00af4a
1 changed files with 1 additions and 0 deletions


@ -160,6 +160,7 @@ tools/editconf.py /etc/postfix/main.cf \
# now see notices about trusted certs. The CA file is provided by the package `ca-certificates`.
tools/editconf.py /etc/postfix/main.cf \
smtp_tls_protocols=\!SSLv2,\!SSLv3 \
smtp_tls_mandatory_protocols=\!SSLv2,\!SSLv3 \
smtp_tls_ciphers=medium \
smtp_tls_exclude_ciphers=aNULL,RC4 \
smtp_tls_security_level=dane \
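Review bot: The comment block above this `tools/editconf.py` call does not explain why the protocol exclusions are now listed twice, and the commit message only says the setting "seems" to be needed. With `smtp_tls_security_level=dane`, Postfix documents that destinations with usable TLSA records are handled at a mandatory TLS level, which is presumably why `smtp_tls_mandatory_protocols` takes effect for them. I would extend the comment with something like `# DANE-verified destinations use the mandatory TLS settings, so the protocol exclusions are repeated in smtp_tls_mandatory_protocols.` The matching cipher grade for that path, `smtp_tls_mandatory_ciphers`, is not set in the visible lines and so appears to rely on the Postfix default; it is worth confirming that this is intended. The command continues past the end of the hunk.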