Skynet/misc_nixos-mailserver
7
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'crypto' into 'master'

Browse source 
postfix: allow client to select the preferred cipher

See merge request simple-nixos-mailserver/nixos-mailserver!412
This commit is contained in:
Martin Weinelt 2025-06-12 22:48:04 +00:00
commit 54cb3e5784
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
mail-server/postfix.nix
View file

@ -287,10 +287,12 @@ in
smtp_tls_mandatory_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL"; smtp_tls_mandatory_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL";
smtp_tls_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL"; smtp_tls_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL";
tls_preempt_cipherlist = true; # As long as all cipher suites are considered safe, let the client use its preferred cipher
tls_preempt_cipherlist = false;
# Allowing AUTH on a non encrypted connection poses a security risk # Allowing AUTH on a non encrypted connection poses a security risk
smtpd_tls_auth_only = true; smtpd_tls_auth_only = true;
# Log only a summary message on TLS handshake completion # Log only a summary message on TLS handshake completion
smtp_tls_loglevel = "1"; smtp_tls_loglevel = "1";
smtpd_tls_loglevel = "1"; smtpd_tls_loglevel = "1";