Commit 5f5f00af authored by Joshua Tauberer's avatar Joshua Tauberer

for DANE, the smtp_tls_mandatory_protocols setting seems like it also needs to...

for DANE, the smtp_tls_mandatory_protocols setting seems like it also needs to be set (unlike the cipher settings, this isn't documented to be in addition to the non-mandatory setting)
parent 6b73bb5d
...@@ -160,6 +160,7 @@ tools/editconf.py /etc/postfix/main.cf \ ...@@ -160,6 +160,7 @@ tools/editconf.py /etc/postfix/main.cf \
# now see notices about trusted certs. The CA file is provided by the package `ca-certificates`. # now see notices about trusted certs. The CA file is provided by the package `ca-certificates`.
tools/editconf.py /etc/postfix/main.cf \ tools/editconf.py /etc/postfix/main.cf \
smtp_tls_protocols=\!SSLv2,\!SSLv3 \ smtp_tls_protocols=\!SSLv2,\!SSLv3 \
smtp_tls_mandatory_protocols=\!SSLv2,\!SSLv3 \
smtp_tls_ciphers=medium \ smtp_tls_ciphers=medium \
smtp_tls_exclude_ciphers=aNULL,RC4 \ smtp_tls_exclude_ciphers=aNULL,RC4 \
smtp_tls_security_level=dane \ smtp_tls_security_level=dane \
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment