Mailgateway V. 6.3: Inbound on Port 25: ONLY the Protocols TLS 1.2 & TLS 1.3 should be available

mister.frank

Sep 18, 2021
Hi All,
does anybody know how to disable the older TLS Protocols TLSv1.0 & TLSv1.1?

TX a lot and best regards
Frank
 
does anybody know how to disable the older TLS Protocols TLSv1.0 & TLSv1.1?
You need to adapt the postfix configuration (main.cf if you want to do so globally) using the templating system:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

Postfix TLS config and parameters are quite well explained in:
http://www.postfix.org/TLS_README.html

That being said - consider that SMTP usually only uses opportunistic TLS via the STARTTLS command, which can result in connections to servers not supporting TLS 1.2 or newer falling back to plain text (instead of being at least encrypted with TLS 1.1).
Sadly there are quite a lot of SMTP servers out there which haven't adapted their config for quite a while - so you might end up having even lower security than by leaving the defaults.
(I haven't checked the number of hosts which do not support newer TLS implementations recently - so things might have changed for the better.)

I hope this helps!
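
The following is an added example, not part of the thread and not Proxmox or Postfix code: a small Python check that reads main.cf-style text and reports which protocol versions the inbound `smtpd` would still offer, and whether plain-text delivery remains possible as the reply above warns. `smtpd_tls_protocols`, `smtpd_tls_mandatory_protocols` and `smtpd_tls_security_level` are Postfix parameters described in the TLS_README; the sample configs, the function names and the assumed default list (Postfix releases before 3.6, so the `>=` syntax is not handled) are assumptions of this example.

```python
import re

ALL = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
DEFAULT = "!SSLv2, !SSLv3"  # assumed default (Postfix releases before 3.6)

def parse_main_cf(text):
    """Parse main.cf: '#' comments, 'name = value', indented continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value  # a later definition overrides an earlier one
    return params

def enabled_protocols(value):
    """Resolve a protocol list: '!name' excludes, a bare name restricts to the named set."""
    tokens = [t for t in re.split(r"[,:\s]+", value) if t]
    excluded = {t[1:] for t in tokens if t.startswith("!")}
    included = [t for t in tokens if not t.startswith("!")]
    return [p for p in ALL if p in (included or ALL) and p not in excluded]

def audit_inbound(text):
    """Report what the inbound smtpd would offer for the given main.cf text."""
    params = parse_main_cf(text)
    level = params.get("smtpd_tls_security_level", "none")
    # 'encrypt' uses the mandatory list; opportunistic 'may' uses smtpd_tls_protocols.
    key = "smtpd_tls_mandatory_protocols" if level == "encrypt" else "smtpd_tls_protocols"
    offered = enabled_protocols(params.get(key, DEFAULT))
    return {
        "offered": offered,
        "legacy": [p for p in offered if p in LEGACY],
        # Unless TLS is mandatory, a client that cannot negotiate it can still send in plain text.
        "plaintext_fallback": level != "encrypt",
    }

# Constructed sample configs (not taken from a real PMG installation).
BEFORE = "smtpd_tls_security_level = may\nsmtpd_tls_protocols = !SSLv2, !SSLv3\n"
AFTER = ("smtpd_tls_security_level = may\n"
         "smtpd_tls_protocols = !SSLv2, !SSLv3,\n"
         "    !TLSv1, !TLSv1.1\n")

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_inbound(cfg))
```

The same functions accept the output of `postconf -n`, which prints the active settings in `name = value` form.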