Git/email-toolbox-wiki
1
0
Fork 0
mirror of https://github.com/internetstandards/toolbox-wiki.git synced 2025-11-03 23:35:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update STARTTLS-how-to.md

Browse Source
This commit is contained in:
Dennis Baaten
2020-05-28 11:08:21 +02:00
parent 8813f6dbcd
commit da3c1db8ad
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
under construction/STARTTLS-how-to.md
View File

@@ -16,6 +16,7 @@ Under construction
# Tips, tricks and notices for implementation # Tips, tricks and notices for implementation
* http://postfix.1071664.n5.nabble.com/Disable-SSL-TLS-renegotiation-td96864.html#a96871 * http://postfix.1071664.n5.nabble.com/Disable-SSL-TLS-renegotiation-td96864.html#a96871
* Use the RFC 7919 defined DH groups: https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem)
## Implementing STARTTLS in Postfix ## Implementing STARTTLS in Postfix
**Specifics for this setup** **Specifics for this setup**
@@ -60,7 +61,7 @@ Under construction
smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA, DHE-RSA-AES256-CCM8, AES256-CCM8, DHE-RSA-AES128-CCM8, AES128-CCM8 smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA, DHE-RSA-AES256-CCM8, AES256-CCM8, DHE-RSA-AES128-CCM8, AES128-CCM8
# Enable server cipher-suite preferences # Enable server cipher-suite preferences
tls_preempt_cipherlist = yes tls_preempt_cipherlist = yes
# Forward secrecy (use the RFC 7919 defined DH group:https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem) # Forward secrecy
smtpd_tls_eecdh_grade=ultra smtpd_tls_eecdh_grade=ultra
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/ffdhe4096.pem smtpd_tls_dh1024_param_file = /etc/postfix/ssl/ffdhe4096.pem