Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
postfix [2018/10/30 16:45] steve [Virtual Domains and Aliases] |
postfix [2018/10/30 16:56] steve [Security] |
||
|---|---|---|---|
| Line 96: | Line 96: | ||
| </code> | </code> | ||
| - | Postfix can define which protocols and ciphers to ignore, and set the preferred order as well. Here, ignore TLSv1 and use stronger ciphers: | + | Postfix can define which protocols and ciphers to ignore, and set the preferred order as well. Here, ignore TLSv1 and use stronger ciphers. |
| + | |||
| + | Also, if you are using OpenSSL 1.1.1 or higher, you can add TLSv1.3 to the list. | ||
| <code> | <code> | ||
| Line 122: | Line 124: | ||
| </code> | </code> | ||
| - | You can find the ciphers or cipher family you'd like to drop by specifying the cipher list: | + | You can find the ciphers or cipher family you'd like to drop by specifying the cipher list. For example:: |
| <code> | <code> | ||
| - | openssl ciphers aNULL | + | openssl ciphers MD5:aNULL |
| </code> | </code> | ||
| Line 131: | Line 133: | ||
| <code> | <code> | ||
| - | smtp_tls_exclude_ciphers = aNULL | + | smtp_tls_exclude_ciphers = MD5, aNULL |
| - | smtp_tls_mandatory_exclude_ciphers = aNULL | + | smtp_tls_mandatory_exclude_ciphers = MD5, aNULL |
| - | smtpd_tls_exclude_ciphers = aNULL | + | smtpd_tls_exclude_ciphers = MD5, aNULL |
| - | smtpd_tls_mandatory_exclude_ciphers = aNULL | + | smtpd_tls_mandatory_exclude_ciphers = MD5, aNULL |
| </code> | </code> | ||
