From ec50f7afcbfd2bb48c19103fded165a0430b4b1d Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Tue, 23 Feb 2016 21:03:12 +0100
Subject: [PATCH] Use "smtpd_tls_ciphers = medium" for TLS security.
---
 roles/mail/templates/postfix/main.cf.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/mail/templates/postfix/main.cf.j2 b/roles/mail/templates/postfix/main.cf.j2
index 80c4880..faf74e8 100644
--- a/roles/mail/templates/postfix/main.cf.j2
+++ b/roles/mail/templates/postfix/main.cf.j2
@@ -35,11 +35,11 @@ smtpd_tls_key_file=/etc/postfix/ssl/{{ ansible_fqdn }}.key
 #smtpd_tls_CAfile=TODO
 smtpd_use_tls=yes
+smtpd_tls_ciphers = medium
+
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
-
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
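Review bot: Dropping `smtpd_tls_mandatory_exclude_ciphers` leaves this template with no cipher exclusions at all, and the added `smtpd_tls_ciphers = medium` only sets the cipher grade used for opportunistic TLS. The removed parameter applied only where TLS is mandatory, so with `smtpd_use_tls=yes` it probably had no effect on ordinary port-25 traffic, but any master.cf service that sets `smtpd_tls_security_level=encrypt` (not visible in this hunk) would lose its RC4/MD5/aNULL exclusions with this change. If those suites should stay out at every security level, `smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK` is the parameter that applies regardless of level, and a comment such as `# medium grade for opportunistic TLS; exclusions belong in smtpd_tls_exclude_ciphers` above the new line would record the decision. Which suites `medium` actually admits depends on the installed Postfix's `tls_medium_cipherlist` default, so it is worth confirming with `postconf -d tls_medium_cipherlist` on the target hosts.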