Skynet/misc_nixos-mailserver
7
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

postfix: allow client to select the preferred cipher

Browse source 
As long as all cipher we support are considered safe we can allow clients
to select one that suits them best.
This commit is contained in:
Martin Weinelt 2025-06-03 00:45:12 +02:00
parent d6d6308ba2
commit f9b15192b8
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
mail-server/postfix.nix
View file

@ -287,10 +287,12 @@ in
smtp_tls_mandatory_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL";
smtp_tls_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL";
tls_preempt_cipherlist = true;
# As long as all cipher suites are considered safe, let the client use its preferred cipher
tls_preempt_cipherlist = false;
# Allowing AUTH on a non encrypted connection poses a security risk
smtpd_tls_auth_only = true;
# Log only a summary message on TLS handshake completion
smtp_tls_loglevel = "1";
smtpd_tls_loglevel = "1";