bundles/postfix: set tls ciphers to medium to increase compatibility with centos
This commit is contained in:
parent
1bed137116
commit
3db6078d9b
1 changed files with 5 additions and 5 deletions
|
@ -33,13 +33,13 @@ smtp_tls_security_level = dane
|
|||
smtp_dns_support_level = dnssec
|
||||
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
|
||||
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
|
||||
smtp_tls_ciphers = high
|
||||
smtp_tls_ciphers = medium
|
||||
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
||||
</%text>
|
||||
|
||||
% if node.has_bundle('postfixadmin'):
|
||||
smtpd_tls_cert_file=/var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/fullchain.pem
|
||||
smtpd_tls_key_file=/var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/privkey.pem
|
||||
smtpd_tls_cert_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/fullchain.pem
|
||||
smtpd_tls_key_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/privkey.pem
|
||||
<%text>
|
||||
smtpd_use_tls=yes
|
||||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
||||
|
@ -53,8 +53,8 @@ smtpd_tls_mandatory_ciphers = high
|
|||
smtpd_tls_exclude_ciphers = aNULL,LOW,EXP,MEDIUM,ADH,AECDH,MD5,DSS,ECDSA,CAMELLIA128,3DES,CAMELLIA256,RSA+AES,eNULL
|
||||
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
|
||||
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
|
||||
smtpd_tls_ciphers = high
|
||||
smtpd_tls_auth_only=yes
|
||||
smtpd_tls_ciphers = medium
|
||||
smtpd_tls_auth_only = yes
|
||||
</%text>
|
||||
|
||||
relay_domains = $mydestination, pgsql:/etc/postfix/pgsql/relay_domains.cf
|
||||
|
|
Loading…
Reference in a new issue