Re: TLS1.3 only
On 13.07.2018 at 02:43, Viktor Dukhovni wrote:
> That is, you'd need to use "smtpd_tls_mandatory_protocols", assuming
> that for the submission service you also have:
>
>     -o smtpd_tls_security_level=encrypt

Hello,

as assumed, it was my mistake.
Yes, on the submission port I do have "-o smtpd_tls_security_level=encrypt"
and if I set "-o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,!TLSv1.2"
I really could connect *only* using TLS1.3.

-> everything works as documented :-)

Thanks Viktor!

Andreas
Re: TLS1.3 only
On Thu, Jul 12, 2018 at 04:39:20PM -0400, Wietse Venema wrote:

> > For fun I tried to disable all TLS protocol versions other than TLS1.3
> >
> > master.cf:
> > submission.local inet n - - - - smtpd
> >     -o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,!TLSv1.2
>
> That setting is ONLY in effect with 'smtpd_tls_security_level = may'.

That is, you'd need to use "smtpd_tls_mandatory_protocols", assuming
that for the submission service you also have:

    -o smtpd_tls_security_level=encrypt

> > but I'm still able to connect using TLS1.2
>
> Insufficient information.

The most likely explanation based on the minimal description is
that you have mandatory TLS.

--
    Viktor.
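An added example, not part of the thread or of Postfix: a small Python audit of master.cf "-o" overrides for the mistake discussed above, smtpd_tls_protocols set on a service that runs with smtpd_tls_security_level=encrypt. It assumes the main.cf security level is passed in as main_cf_level (a hypothetical parameter) and inspects only "-o name=value" overrides; the sample master.cf is constructed.

```python
import re

# Constructed sample: the first entry repeats the override quoted above next to
# mandatory TLS; "submission.fixed" is a made-up service name showing the
# corrected parameter.
SAMPLE_MASTER_CF = """\
submission.local inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,!TLSv1.2
submission.fixed inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,!TLSv1.2
"""

def parse_services(master_cf):
    """Map 'name type' -> {param: value} from -o overrides, folding continuation lines."""
    services, current = {}, None
    for raw in master_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():                 # column 0 starts a new service entry
            current = services.setdefault(" ".join(raw.split()[:2]), {})
        if current is not None:
            for name, value in re.findall(r"-o\s+(\w+)=(\S+)", raw):
                current[name] = value
    return services

def audit(master_cf, main_cf_level="may"):
    """Flag services whose smtpd_tls_protocols override cannot take effect."""
    findings = []
    for svc, opts in parse_services(master_cf).items():
        # Assumption: a level not overridden with -o comes from main.cf (main_cf_level).
        level = opts.get("smtpd_tls_security_level", main_cf_level)
        if "smtpd_tls_protocols" not in opts or level == "may":
            continue                             # no override, or opportunistic TLS: it applies
        if level == "encrypt" and "smtpd_tls_mandatory_protocols" not in opts:
            findings.append((svc, level, "use smtpd_tls_mandatory_protocols"))
        elif level == "none":
            findings.append((svc, level, "TLS is disabled for this service"))
    return findings

if __name__ == "__main__":
    for svc, level, hint in audit(SAMPLE_MASTER_CF):
        print(f"{svc}: smtpd_tls_protocols has no effect at level {level!r}: {hint}")
```
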
Re: TLS1.3 only
On 12.07.2018 at 22:39, Wietse Venema wrote:
> A. Schulze:
>> Hello,
>>
>> postfix-3.3.1 + openssl-1.1.1pre8
>>
>> For fun I tried to disable all TLS protocol versions other than TLS1.3
>>
>> master.cf:
>> submission.local inet n - - - - smtpd
>>     -o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,!TLSv1.2
>
> That setting is ONLY in effect with 'smtpd_tls_security_level = may'.
>
>> but I'm still able to connect using TLS1.2
>
> Insufficient information.
>
> Wietse
>

ok, will simplify my setup to provide more settings
(maybe it's also my fault, we'll see)
but not today, it's late here ...

Andreas
Re: TLS1.3 only
A. Schulze:
> Hello,
>
> postfix-3.3.1 + openssl-1.1.1pre8
>
> For fun I tried to disable all TLS protocol versions other than TLS1.3
>
> master.cf:
> submission.local inet n - - - - smtpd
>     -o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,!TLSv1.2

That setting is ONLY in effect with 'smtpd_tls_security_level = may'.

> but I'm still able to connect using TLS1.2

Insufficient information.

    Wietse