
Commit 4dbcd56

committed
fix(config): add missing ciphers in smtpd_tls_mandatory_exclude_ciphers, to be consistent with smtpd_tls_mandatory_ciphers = high
1 parent 3b49a04 commit 4dbcd56

2 files changed

Lines changed: 4 additions & 1 deletion


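--- a/postfix/files/main.cf
+++ b/postfix/files/main.cf
@@ -83,7 +83,7 @@
 {%- endif %}
 {{ set_parameter('smtpd_tls_session_cache_database', 'btree:${data_directory}/smtpd_scache') }}
 {{ set_parameter('smtpd_tls_mandatory_ciphers', 'high') }}
-{{ set_parameter('smtpd_tls_mandatory_exclude_ciphers', ['aNULL', 'MD5']) }}
+{{ set_parameter('smtpd_tls_mandatory_exclude_ciphers', ['aNULL', 'eNULL', 'EXPORT', 'DES', '3DES', 'MD5', 'RC4', 'PSK', 'SRP', 'CAMELLIA', 'SEED']) }}
 {{ set_parameter('smtpd_tls_mandatory_protocols', ['!SSLv2', '!SSLv3']) }}
 {{ set_parameter('tls_preempt_cipherlist', 'yes') }}
 # Relay/Sender settings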
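Review bot: The extended list on `smtpd_tls_mandatory_exclude_ciphers` only applies to sessions where TLS is mandatory. With opportunistic TLS, Postfix uses `smtpd_tls_ciphers` and `smtpd_tls_exclude_ciphers` instead, and neither appears in this hunk. If the server runs at `smtpd_tls_security_level = may` (not visible here), the excluded suites can still be negotiated. Consider adding `{{ set_parameter('smtpd_tls_exclude_ciphers', [...]) }}` with the same list next to this line. A one-line template comment such as `{#- exclusions mirror the 'high' grade; applies to mandatory TLS only #}` would also record the scope.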

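--- a/test/integration/default/controls/postfix_spec.rb
+++ b/test/integration/default/controls/postfix_spec.rb
@@ -25,6 +25,9 @@
 should cmp 'btree:${data_directory}/smtpd_scache'
 end
 its('smtpd_tls_mandatory_ciphers') { should cmp 'high' }
+its('smtpd_tls_mandatory_exclude_ciphers') do
+should cmp 'aNULL, eNULL, EXPORT, DES, 3DES, MD5, RC4, PSK, SRP, CAMELLIA, SEED'
+end
 its('tls_preempt_cipherlist') { should cmp 'yes' }
 its('smtp_tls_loglevel') { should cmp '1' }
 its('smtp_tls_security_level') { should cmp 'may' }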
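Review bot: The new `its('smtpd_tls_mandatory_exclude_ciphers')` control uses `cmp`, which InSpec compares case-insensitively for strings. A rendered value with a mis-cased keyword such as `anull` would therefore still pass, even though OpenSSL cipher keywords are case-sensitive. For this control an exact match is the safer assertion: `should eq 'aNULL, eNULL, EXPORT, DES, 3DES, MD5, RC4, PSK, SRP, CAMELLIA, SEED'`. The enclosing describe block starts and ends outside the hunk, so the resource under test is assumed to be the rendered main.cf.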
