thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

exclude SSLv3 for all TLS 

to mitigate POODLE vulnerability
Sven Neuhaus 9 years ago
parent
f338b1e15d
commit
ac59435d6e
1 changed files with 2 additions and 0 deletions
Split View Show Diff Stats
  1. 2
    0
      roles/mailserver/templates/etc_postfix_main.cf.j2

+ 2
- 0
roles/mailserver/templates/etc_postfix_main.cf.j2 View File 

@@ -38,6 +38,8 @@ unverified_sender_reject_code = 554
38 38 
 # TLS parameters
39 39 
 smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
40 40 
 smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
41 
+smtp_tls_protocols = !SSLv2,!SSLv3
42 
+smtpd_tls_protocols = !SSLv2,!SSLv3
41 43 
 smtpd_tls_cert_file=/etc/ssl/certs/wildcard_combined.pem
42 44 
 smtpd_tls_key_file=/etc/ssl/private/wildcard_private.key
43 45 
 smtpd_use_tls=yes

Write Preview
Loading…
Cancel
Save