I was forced to upgrade our mail server to CentOS 8 (thanks to hardware failure on the old machine). I've successfully built an RPM of OpenSMTPD for CentOS 8 and it's running nicely, however I've a problem with the global crypto policies in CentOS 8.

Namely the DEFAULT crypto policy disables TLSv1 for OpenSMTPD. Has anyone got any experience on how to allow TLSv1 for OpenSMTPD without downgrading the whole system from DEFAULT to LEGACY crypto policy?

OpenSMTPD has "smtp ciphers" directive which does overwrite the global ciphers set by the crypto policy, but there doesn't seem to be a way to set minimum TLS version for OpenSMTPD.

Any help would be welcome!


Reply via email to