[Ach] disable SSLv2 + SSLv3 howto
A. Schulze
sca at andreasschulze.de
Wed Oct 15 14:54:11 CEST 2014
Hello,
to check which protocols are enabled in postfix:
# postconf | grep '_tls_protocols'
to check what's currently spoken:
< inbound >
# grep 'TLS connection established from' /var/log/mail | sed -e 's/^.*\]\: //' -e 's/ with cipher.*//' | sort | uniq -c
< outbound >
# grep 'TLS connection established to' /var/log/mail | sed -e 's/^.*\]:25\: //' -e 's/ with cipher.*//' | sort | uniq -c
to disable SSLv2 + SSLv3 in postfix:
# postconf -e 'lmtp_tls_protocols = !SSLv2,!SSLv3'
# postconf -e 'smtp_tls_protocols = !SSLv2,!SSLv3'
# postconf -e 'smtpd_tls_protocols = !SSLv2,!SSLv3'
# postfix reload
to use only TLS1 and TLS1.2 in nginx, add this inside the http { } section:
ssl_protocols TLSv1 TLSv1.2;
to disable SSLv2 and SSLv3 in dovecot, add this to dovecot.conf:
ssl_protocols = !SSLv2 !SSLv3
please check if your version supports this feature at all. This advice
is valid for current releases.
Andreas
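
Added example (not part of the original post): a Python version of the log check above that, besides counting sessions per protocol, lists the peers that still negotiate SSLv2/SSLv3 and would therefore be affected by disabling them. The function name and the log lines are constructed for illustration; the lines follow the format the grep commands above match.

```python
import re
from collections import Counter, defaultdict

# Postfix TLS summary line: "from host[ip]:" (smtpd) or "to host[ip]:25:" (smtp).
TLS_LINE = re.compile(
    r"TLS connection established (?P<dir>from|to) "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\](?::\d+)?: "
    r"(?P<proto>\S+) with cipher"
)
LEGACY = {"SSLv2", "SSLv3"}

def summarize(lines):
    """Return (counts, legacy_peers).

    counts[(direction, protocol)] is the number of sessions seen;
    legacy_peers[direction] is the sorted list of host[ip] peers that
    negotiated SSLv2 or SSLv3 at least once.
    """
    counts = Counter()
    peers = defaultdict(set)
    for line in lines:
        m = TLS_LINE.search(line)
        if m is None:
            continue  # not a TLS summary line
        direction = "inbound" if m["dir"] == "from" else "outbound"
        counts[(direction, m["proto"])] += 1
        if m["proto"] in LEGACY:
            peers[direction].add(f"{m['host']}[{m['ip']}]")
    return counts, {d: sorted(p) for d, p in peers.items()}

# Constructed sample log lines (documentation hostnames and addresses).
SAMPLE = """\
Oct 15 14:01:02 mx postfix/smtpd[2101]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 15 14:01:09 mx postfix/smtpd[2102]: Anonymous TLS connection established from old.example.net[198.51.100.7]: SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 15 14:02:11 mx postfix/smtpd[2102]: Anonymous TLS connection established from old.example.net[198.51.100.7]: SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 15 14:03:40 mx postfix/smtp[2110]: Untrusted TLS connection established to mx.example.com[203.0.113.25]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 15 14:04:02 mx postfix/smtp[2111]: Untrusted TLS connection established to legacy.example.com[203.0.113.80]:25: SSLv3 with cipher RC4-SHA (128/128 bits)
Oct 15 14:04:03 mx postfix/qmgr[900]: ABC123: removed
"""

if __name__ == "__main__":
    counts, legacy = summarize(SAMPLE.splitlines())
    for (direction, proto), n in sorted(counts.items()):
        print(f"{n:6d} {direction:8s} {proto}")
    for direction, hosts in sorted(legacy.items()):
        print(f"{direction} peers still using SSLv2/SSLv3: {', '.join(hosts)}")
```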