From b1cba57633f101b2e37289120f21f5929984794a Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 3 Dec 2015 17:52:44 +0100 Subject: Tell postfix to verify the fingerprint of the cert's pubkey, not the cert itself. --- konfigurera.mdwn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/konfigurera.mdwn b/konfigurera.mdwn index 2c214e1..a3353ac 100644 --- a/konfigurera.mdwn +++ b/konfigurera.mdwn @@ -174,7 +174,7 @@ smtp_tls_security_level = fingerprint smtp_tls_fingerprint_digest = sha256 smtp_tls_mandatory_ciphers = high smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtp_tls_fingerprint_cert_match = 6C:89:92:3C:A2:53:E0:14:9E:14:11:17:FF:FA:EB:12:3E:BA:0A:B0:C2:BE:70:18:8C:3D:7A:69:EB:00:5E:BB +smtp_tls_fingerprint_cert_match = 92:BF:5E:D5:B0:4E:10:19:20:08:C4:70:D6:F3:F7:EC:5F:6E:75:D2:1F:9B:FF:4D:49:BD:B0:8A:68:90:49:BF Guilhems kommentar: @@ -193,7 +193,7 @@ Guilhems kommentar: > /etc/postfix/tls_policy > [smtp.chalmers.se]:587 secure ciphers=high protocols=!SSLv2:!SSLv3 > [smtp.fripost.org]:587 fingerprint ciphers=high protocols=!SSLv2:!SSLv3:!TLSv1:!TLSv1.1 -> match=6C:89:92:3C:A2:53:E0:14:9E:14:11:17:FF:FA:EB:12:3E:BA:0A:B0:C2:BE:70:18:8C:3D:7A:69:EB:00:5E:BB +> match=92:BF:5E:D5:B0:4E:10:19:20:08:C4:70:D6:F3:F7:EC:5F:6E:75:D2:1F:9B:FF:4D:49:BD:B0:8A:68:90:49:BF > > /etc/postfix/relayhost_map > @fripost.org [smtp.fripost.org]:587 -- cgit v1.2.3