Comments on: Disable SSLv2 and Weak Ciphers in Postfix http://rackerhacker.com/2007/03/08/disable-sslv2-and-weak-ciphers-in-postfix/ Words of wisdom from a server administrator Sat, 11 Feb 2012 23:43:21 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Judd http://rackerhacker.com/2007/03/08/disable-sslv2-and-weak-ciphers-in-postfix/#comment-13920 Judd Wed, 25 Feb 2009 16:58:56 +0000 http://rackerhacker.com/2007/03/08/disable-sslv2-and-weak-ciphers-in-postfix/#comment-13920 this works in main.cf though: smtpd_tls_cipherlist = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3 smtp_tls_cipherlist = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3 this works in main.cf though:

smtpd_tls_cipherlist = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
smtp_tls_cipherlist = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3

]]> By: Judd http://rackerhacker.com/2007/03/08/disable-sslv2-and-weak-ciphers-in-postfix/#comment-13919 Judd Wed, 25 Feb 2009 16:56:16 +0000 http://rackerhacker.com/2007/03/08/disable-sslv2-and-weak-ciphers-in-postfix/#comment-13919 No go on RHEL4, requires postfix <= 2.3 No go on RHEL4, requires postfix <= 2.3

]]> By: Dennis http://rackerhacker.com/2007/03/08/disable-sslv2-and-weak-ciphers-in-postfix/#comment-12265 Dennis Fri, 30 Jan 2009 21:05:39 +0000 http://rackerhacker.com/2007/03/08/disable-sslv2-and-weak-ciphers-in-postfix/#comment-12265 Don't do that. It should be "smtpd_tls_mandatory_ciphers = medium" or "smtpd_tls_mandatory_ciphers = high", using both actual just fubars the whole thing (silently). From the docs it says for medium: "Enable the mainstream "MEDIUM" grade or better". Don't do that. It should be "smtpd_tls_mandatory_ciphers = medium" or "smtpd_tls_mandatory_ciphers = high", using both actual just fubars the whole thing (silently). From the docs it says for medium: "Enable the mainstream "MEDIUM" grade or better".

]]>