On Sat, Jan 23, 2010 at 05:59:37PM +0100, Jelle de Jong wrote:
> >> postconf -e 'smtp_tls_mandatory_protocols = !SSLv2, !TLSv1'
> >
> > Why disable both SSLv2 and TLSv1?! Leave this setting at its default
> > value, or disable just SSLv2. Does your client or server correctly handle
> > SSLv3, but fail to interoperate via TLSv1?
>
> Well my server supports SSLv3 just fine, so I thought I disable
> everything lower, and if better protocols come around postfix will
> update and will still be able to use the newer stuff since I did not
> force it to only use SSLv3.
The default settings for advanced TLS features were chosen with care.
It is unwise to change them unless you are a TLS expert. TLSv 1.0 is
SSL 3.1. TLS 1.1 is SSL 3.2, ... There is no plan for TLSv2 at this
time, but it would be SSL version 4.
Don't change advanced TLS settings until you have read the relevant
OpenSSL documentation and/or RFCs and in some cases the OpenSSL source
code (sadly OpenSSL documentation is not as complete as the Postfix
documentation).
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
