[Postfix] Security: Prefer server-side ciphers

Prefer server-side ciphers to prevent client-side cipher downgrade. Already enabled in Dovecot.
master
Patrik Kernstock 2018-10-25 23:37:25 +02:00 committed by GitHub
parent 3094dd3822
commit 1dc9d3fa27
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions

View File

@ -99,6 +99,7 @@ lmtp_tls_protocols = !SSLv2, !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
smtpd_tls_mandatory_ciphers = high
virtual_alias_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_maps.cf,