diff options
author | Micah Anderson <micah@leap.se> | 2013-10-03 13:45:57 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2013-10-06 17:31:16 -0400 |
commit | 9acb4a7c2a36f12a5ca71e5c4c74364d344e2c5f (patch) | |
tree | f73001d79d4a44b07386928c167982b81c38b8ba /puppet/modules/site_postfix | |
parent | f7bb77c38d31021e810b1b55097fa3329bd73ce7 (diff) |
only use TLSv1 or later for smtp (Feature #4011)
Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later
SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems.
Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f
Diffstat (limited to 'puppet/modules/site_postfix')
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/tls.pp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx/tls.pp b/puppet/modules/site_postfix/manifests/mx/tls.pp index 3bc7d85b..96cfa911 100644 --- a/puppet/modules/site_postfix/manifests/mx/tls.pp +++ b/puppet/modules/site_postfix/manifests/mx/tls.pp @@ -70,6 +70,9 @@ class site_postfix::mx::tls { value => 'btree:${queue_directory}/smtp_cache'; 'smtp_tls_security_level': value => 'may'; + # see issue #4011 + 'smtp_tls_protocols': + value => '!SSLv2, !SSLv3'; } |