commit e9b25406627e8ec4c7e862d99186464a88fce81a
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Sep 15 12:29:16 2017 +0200
Improve postfix hv01 tls part 1
.../main.cf/main.cf.hv01.online.rpmfusion.net | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
---
diff --git
a/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
b/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
index f38ca7d..13f81de 100644
---
a/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
+++
b/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
@@ -745,6 +745,9 @@ smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, RC4
+smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
+smtpd_tls_ciphers = $smtpd_tls_mandatory_ciphers
+smtpd_tls_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
#tls_ssl_options = no_ticket, no_compression
smtpd_tls_loglevel = 1
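Review bot: The three added `smtpd_tls_*` lines apply the mandatory-TLS policy (`high` grade, `aNULL, MD5, RC4` excluded) to opportunistic sessions too, and the `smtp_tls_*` lines added in the third hunk do the same for the client, where `smtp_tls_security_level = may` is visible in the hunk header. With opportunistic TLS, a peer that cannot complete the handshake under the stricter list usually retries in cleartext, so the tightening can reduce confidentiality for those peers rather than raise it. Excluding `aNULL` also gains little when the peer certificate is not verified. I would add a comment above the block such as `# opportunistic TLS reuses the mandatory policy; peers failing the handshake may fall back to plaintext` and check the TLS log lines after deployment for regular correspondents that stop negotiating. The server's `smtpd_tls_security_level` is outside the hunk, so that the server side is opportunistic is an assumption.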
@@ -760,6 +763,7 @@ tls_random_source = dev:/dev/urandom
smtpd_tls_eecdh_grade = ultra
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1
+tls_preempt_cipherlist = yes
# TLS end
#TLS Client
smtp_tls_fingerprint_digest=sha1
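Review bot: `tls_preempt_cipherlist = yes` is added without a comment and sits among the EECDH curve settings, where its scope is not obvious. As far as I know it only makes the Postfix SMTP server choose from its own preference order among the ciphers a client offers, and has no effect on the `smtp_tls_*` client block that follows. A line above it such as `# smtpd only: server cipher order wins over the client's` would make that clear. The Postfix documentation notes an interoperability risk with clients that list ciphers they implement poorly, so the `smtpd_tls_loglevel = 1` output is worth checking for new handshake failures after this change.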
@@ -769,6 +773,9 @@ smtp_tls_security_level = may
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers= aNULL, MD5, RC4
+smtp_tls_protocols = $smtp_tls_mandatory_protocols
+smtp_tls_ciphers = $smtp_tls_mandatory_ciphers
+smtp_tls_exclude_ciphers = $smtp_tls_mandatory_exclude_ciphers
smtp_tls_loglevel = 1
smtp_tls_cert_file = /etc/pki/tls/certs/localhost.crt
smtp_tls_key_file = /etc/pki/tls/private/localhost.key