I was forced to upgrade our mail server to CentOS 8 (thanks to hardware
failure on the old machine). I've successfully built an RPM of OpenSMTPD
for CentOS 8 and it's running nicely, however I've a problem with the
global crypto policies in CentOS 8.
Namely the DEFAULT crypto policy disables TLSv1 for OpenSMTPD. Has
anyone got any experience on how to allow TLSv1 for OpenSMTPD without
downgrading the whole system from DEFAULT to LEGACY crypto policy?
OpenSMTPD has "smtp ciphers" directive which does overwrite the global
ciphers set by the crypto policy, but there doesn't seem to be a way to
set minimum TLS version for OpenSMTPD.
Any help would be welcome!