summaryrefslogtreecommitdiff
path: root/puppet/modules/site_postfix/manifests/mx/tls.pp
AgeCommit message (Collapse)Author
2013-10-06It turns out postfix's variable for 1024bit DH parameters can actually take ↵0.3.0rc3Micah Anderson
a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
2013-10-06only use TLSv1 or later for smtp (Feature #4011)Micah Anderson
Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems. Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f
2013-10-03Merge branch 'feature/3953' into developMicah Anderson
2013-10-03It turns out postfix's variable for 1024bit DH parameters can actually take ↵Micah Anderson
a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
2013-10-02setup smtpd_tls_eecdh_grade to 'ultra' and configure the ↵Micah Anderson
smtpd_tls_dh1024_param file, after generating it (#3953) Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5
2013-09-26Add client-side TLS configuration (#3868)Micah Anderson
Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206
2013-09-18use x509 for postfix ca and fix names for cert+key (Feature #3833)varac
2013-08-28integrate manual postfix config changes in puppet (Feature #3538)varac
2013-07-31 use smtpd_tls_security_level = may in postfix config (Bug #3348)varac
2013-07-10added tls support, including smtp auth via client certvarac
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-28 02:13:24 +0000