From 3db6078d9b9043eabd2c2634efb501dec90a6c25 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Fri, 4 Nov 2022 07:05:33 +0100 Subject: [PATCH] bundles/postfix: set tls ciphers to medium to increase compatibility with centos --- bundles/postfix/files/main.cf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/bundles/postfix/files/main.cf b/bundles/postfix/files/main.cf index 93fe0cf..403c2ea 100644 --- a/bundles/postfix/files/main.cf +++ b/bundles/postfix/files/main.cf @@ -33,13 +33,13 @@ smtp_tls_security_level = dane smtp_dns_support_level = dnssec smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1 -smtp_tls_ciphers = high +smtp_tls_ciphers = medium smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt % if node.has_bundle('postfixadmin'): -smtpd_tls_cert_file=/var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/fullchain.pem -smtpd_tls_key_file=/var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/privkey.pem +smtpd_tls_cert_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/fullchain.pem +smtpd_tls_key_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/privkey.pem <%text> smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache @@ -53,8 +53,8 @@ smtpd_tls_mandatory_ciphers = high smtpd_tls_exclude_ciphers = aNULL,LOW,EXP,MEDIUM,ADH,AECDH,MD5,DSS,ECDSA,CAMELLIA128,3DES,CAMELLIA256,RSA+AES,eNULL smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1 -smtpd_tls_ciphers = high -smtpd_tls_auth_only=yes +smtpd_tls_ciphers = medium +smtpd_tls_auth_only = yes relay_domains = $mydestination, pgsql:/etc/postfix/pgsql/relay_domains.cf
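Review bot: The new `smtp_tls_ciphers = medium` in the client block lowers the grade for all outbound opportunistic TLS, and nothing visible in this hunk excludes the weaker members of the MEDIUM class the way the smtpd block does. If main.cf has no client-side exclude list elsewhere, pair the change with one, for example `smtp_tls_exclude_ciphers = RC4, 3DES, MD5`, so the compatibility gain does not re-admit legacy ciphers. A comment above the line such as `# medium: some CentOS peers fail the handshake at grade high` would record why the grade was lowered. With `smtp_tls_security_level = dane`, destinations that publish TLSA records are presumably governed by `smtp_tls_mandatory_ciphers` instead, so confirm which parameter the failing peers actually hit.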
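Review bot: `smtpd_tls_ciphers = medium` probably does not change what the server offers, because the `smtpd_tls_exclude_ciphers` context line at the top of this hunk still lists `MEDIUM` (next to `ECDSA`, `RSA+AES` and `3DES`), and Postfix applies that exclusion at every TLS security level. If CentOS clients need more suites on the receiving side, the deliberate fix is to narrow that exclude list to the classes that actually block them and say so in a comment, e.g. `# <cipher class> re-enabled for CentOS peers`. Otherwise keep the grade at `high`, so the file does not read as a weaker policy than the one in effect. The matching client-side change is in the first hunk.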