[SOLVED] Disabling TLS 1.0 and 1.1

Oct 28, 2013
314
50
93
www.nadaka.de
Hi there,

we are trying to disable TLS 1.0 and 1.1 for our PMG/Postfix. Therefore we put smtpd_tls_mandatory_protocols = >=TLSv1.2 to our /etc/pmg/templates/main.cf.in and commit the change via pmgconfig sync --restart 1.

Then we tested it from another machine with openssl s_client -connect ourpmg.example.com:25 -tls1 -starttls smtp, and unfortunately -tls1 and -tls1_1 still responds with Secure Renegotiation IS supported. Our expectation is that only -tls1_2 works. Did we miss something? Are we testing wrong?

Thanks and greets!