bundles/postfix: disable TLS1.0 and 1.1, disable weak ciphers
All checks were successful
bundlewrap/pipeline/head This commit looks good
All checks were successful
bundlewrap/pipeline/head This commit looks good
This commit is contained in:
parent
eddabb0043
commit
b4b988e5f2
1 changed files with 5 additions and 3 deletions
|
@ -25,7 +25,8 @@ smtp_tls_note_starttls_offer = yes
|
||||||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||||||
smtp_tls_security_level = dane
|
smtp_tls_security_level = dane
|
||||||
smtp_dns_support_level = dnssec
|
smtp_dns_support_level = dnssec
|
||||||
smtp_tls_protocols = !SSLv2, !SSLv3
|
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
|
||||||
|
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
|
||||||
smtp_tls_ciphers = high
|
smtp_tls_ciphers = high
|
||||||
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
||||||
</%text>
|
</%text>
|
||||||
|
@ -43,8 +44,9 @@ smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname
|
||||||
smtpd_data_restrictions = reject_unauth_pipelining
|
smtpd_data_restrictions = reject_unauth_pipelining
|
||||||
smtpd_tls_security_level = may
|
smtpd_tls_security_level = may
|
||||||
smtpd_tls_mandatory_ciphers = high
|
smtpd_tls_mandatory_ciphers = high
|
||||||
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
|
smtpd_tls_exclude_ciphers = aNULL,LOW,EXP,MEDIUM,ADH,AECDH,MD5,DSS,ECDSA,CAMELLIA128,3DES,CAMELLIA256,RSA+AES,eNULL
|
||||||
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
|
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
|
||||||
|
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
|
||||||
smtpd_tls_ciphers = high
|
smtpd_tls_ciphers = high
|
||||||
smtpd_tls_auth_only=yes
|
smtpd_tls_auth_only=yes
|
||||||
</%text>
|
</%text>
|
||||||
|
|
Loading…
Reference in a new issue