paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Postfix] Security: Prefer server-side ciphers 

Prefer server-side ciphers to prevent client-side cipher downgrade. Already enabled in Dovecot.
master
Patrik Kernstock 2018-10-25 23:37:25 +02:00 committed by GitHub
parent 3094dd3822
commit 1dc9d3fa27
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
data/conf/postfix/main.cf
View File

@ -99,6 +99,7 @@ lmtp_tls_protocols = !SSLv2, !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
smtpd_tls_mandatory_ciphers = high
virtual_alias_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_maps.cf,