postfix: disable SHA1 for SMTP connections

Martin Weinelt 2025-06-18 06:57:42 +02:00
parent 217ec6008a
commit 64aca4f2ce
No known key found for this signature in database
GPG key ID: 87C1E9888F856759


@ -340,8 +340,8 @@ in
smtpd_tls_mandatory_ciphers = "high";
# Exclude cipher suites with undesirable properties
smtpd_tls_exclude_ciphers = "eNULL, aNULL";
smtpd_tls_mandatory_exclude_ciphers = "eNULL, aNULL";
smtpd_tls_exclude_ciphers = "SHA1, eNULL, aNULL";
smtpd_tls_mandatory_exclude_ciphers = "SHA1, eNULL, aNULL";
# Opportunistic DANE support when delivering mail to other servers
# https://www.postfix.org/postconf.5.html#smtp_tls_security_level
@ -357,8 +357,8 @@ in
smtp_tls_mandatory_ciphers = "high";
# Exclude ciphersuites with undesirable properties
smtp_tls_exclude_ciphers = "eNULL, aNULL";
smtp_tls_mandatory_exclude_ciphers = "eNULL, aNULL";
smtp_tls_exclude_ciphers = "SHA1, eNULL, aNULL";
smtp_tls_mandatory_exclude_ciphers = "SHA1, eNULL, aNULL";
# Restrict and prioritize the following curves in the given order
# Excludes curves that have no widespread support, so we don't bloat the handshake needlessly.
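Review bot: Adding `SHA1` to the non-mandatory lists (`smtpd_tls_exclude_ciphers` in the first hunk, `smtp_tls_exclude_ciphers` in the second) can leave mail exchanged with legacy peers less protected rather than more. In an OpenSSL cipher string `SHA1` matches suites that use SHA-1 as the record MAC, so a peer offering only those suites fails the handshake; under opportunistic TLS the Postfix client then retries without TLS, and cleartext is weaker than an HMAC-SHA1 suite. The security levels are set outside these hunks, so this assumes the opportunistic `may`/`dane` levels that the surrounding comment suggests. Consider keeping the exclusion on the mandatory lists only, e.g. `smtp_tls_exclude_ciphers = "eNULL, aNULL";` alongside `smtp_tls_mandatory_exclude_ciphers = "SHA1, eNULL, aNULL";`, and make the comment specific: `# Exclude anonymous/unencrypted suites and suites that use SHA-1 as the MAC`.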