bundles/postfix: set tls ciphers to medium to increase compatibility with centos

2022-11-04 07:05:33 +01:00 · 2022-11-04 07:05:33 +01:00 · 3db6078d9b
commit 3db6078d9b
parent 1bed137116
1 changed files with 5 additions and 5 deletions
--- a/bundles/postfix/files/main.cf
+++ b/bundles/postfix/files/main.cf
@ -33,13 +33,13 @@ smtp_tls_security_level = dane
 smtp_dns_support_level = dnssec
 smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
 smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
-smtp_tls_ciphers = high
+smtp_tls_ciphers = medium
 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
 </%text>
 % if node.has_bundle('postfixadmin'):
-smtpd_tls_cert_file=/var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/fullchain.pem
+smtpd_tls_cert_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/fullchain.pem
-smtpd_tls_key_file=/var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/privkey.pem
+smtpd_tls_key_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/privkey.pem
 <%text>
 smtpd_use_tls=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
@ -53,8 +53,8 @@ smtpd_tls_mandatory_ciphers = high
 smtpd_tls_exclude_ciphers = aNULL,LOW,EXP,MEDIUM,ADH,AECDH,MD5,DSS,ECDSA,CAMELLIA128,3DES,CAMELLIA256,RSA+AES,eNULL
 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
 smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
-smtpd_tls_ciphers = high
+smtpd_tls_ciphers = medium
-smtpd_tls_auth_only=yes
+smtpd_tls_auth_only = yes
 </%text>
 relay_domains = $mydestination, pgsql:/etc/postfix/pgsql/relay_domains.cf