Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
postfix [2018/10/30 16:45] steve [Virtual Domains and Aliases] |
postfix [2018/10/30 16:56] steve [Security] |
||
---|---|---|---|
Line 96: | Line 96: | ||
</code> | </code> | ||
- | Postfix can define which protocols and ciphers to ignore, and set the preferred order as well. Here, ignore TLSv1 and use stronger ciphers: | + | Postfix can define which protocols and ciphers to ignore, and set the preferred order as well. Here, ignore TLSv1 and use stronger ciphers. |
+ | |||
+ | Also, if you are using OpenSSL 1.1.1 or higher, you can add TLSv1.3 to the list. | ||
<code> | <code> | ||
Line 122: | Line 124: | ||
</code> | </code> | ||
- | You can find the ciphers or cipher family you'd like to drop by specifying the cipher list: | + | You can find the ciphers or cipher family you'd like to drop by specifying the cipher list. For example:: |
<code> | <code> | ||
- | openssl ciphers aNULL | + | openssl ciphers MD5:aNULL |
</code> | </code> | ||
Line 131: | Line 133: | ||
<code> | <code> | ||
- | smtp_tls_exclude_ciphers = aNULL | + | smtp_tls_exclude_ciphers = MD5, aNULL |
- | smtp_tls_mandatory_exclude_ciphers = aNULL | + | smtp_tls_mandatory_exclude_ciphers = MD5, aNULL |
- | smtpd_tls_exclude_ciphers = aNULL | + | smtpd_tls_exclude_ciphers = MD5, aNULL |
- | smtpd_tls_mandatory_exclude_ciphers = aNULL | + | smtpd_tls_mandatory_exclude_ciphers = MD5, aNULL |
</code> | </code> | ||