Merge branch 'crypto' into 'master'

postfix: allow client to select the preferred cipher

See merge request simple-nixos-mailserver/nixos-mailserver!412
This commit is contained in:
Martin Weinelt 2025-06-12 22:48:04 +00:00
commit 54cb3e5784

View file

@ -287,10 +287,12 @@ in
smtp_tls_mandatory_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL";
smtp_tls_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL";
tls_preempt_cipherlist = true;
# As long as all cipher suites are considered safe, let the client use its preferred cipher
tls_preempt_cipherlist = false;
# Allowing AUTH on a non encrypted connection poses a security risk
smtpd_tls_auth_only = true;
# Log only a summary message on TLS handshake completion
smtp_tls_loglevel = "1";
smtpd_tls_loglevel = "1";