From 5425ed1ffa2953abdfdc819841665260dd38701d Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 18 May 2016 01:09:31 +0200 Subject: postfix: disable weak ciphers for the 'encrypt' TLS security level. That is, on the MSA and in our local infrastructure. --- roles/MX/templates/etc/postfix/main.cf.j2 | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/MX') diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index a9e7ee4..46af8e9 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -84,6 +84,7 @@ smtp_tls_security_level = none smtp_bind_address = 127.0.0.1 {% else %} smtp_tls_security_level = encrypt +smtp_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5 smtp_tls_cert_file = /etc/postfix/ssl/{{ ansible_fqdn }}.pem smtp_tls_key_file = /etc/postfix/ssl/{{ ansible_fqdn }}.key smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache -- cgit v1.2.3