Re: Enable SSLv3 in Postfix

On 05/10/17 15:45, Samuel Sieb wrote:
> Just speculating, but if SSLv3 is disabled by default in the library, this is not likely to work.  What happens if you put SSLv3 on that line instead?

The default is:

   smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

Which indicates that SSLv2 and SSLv3 are forbidden while everything else is
allowed (i.e. TLSv1+).

Upon further investigation, I have noticed that instead I need:

   smtpd_tls_protocols = !SSLv2

Which has the same defaults. However, with the following in `/etc/postfix/main.cf`:

   smtpd_tls_mandatory_protocols = !SSLv2
   smtpd_tls_protocols = !SSLv2

I can run `postconf -d` and get this output:

   smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
   smtpd_tls_protocols = !SSLv2, !SSLv3

Which indicates to me that somewhere Postfix is overriding my configuration.
Thing is, I can't seem to figure out where.


On 05/10/17 13:29, Ed Greshko wrote:
> If you really need it, you may have to locate a previous version of the ssl library
> and use that.  Or, check the source RPM and see if you can't modify it to enable it
> and generate a current version for your own use?

I would *really* like to avoid that, if at all possible. I don't trust
myself enough to not break something ;)

It *has* been suggested to me that Postfix might be inserting `!SSLv3` because
OpenSSL doesn't have that support compiled in. I think this might not be the
case, as I can set `smtpd_tls_protocols` to basically anything (e.g. `!TLSv1`)
and `postconf -d` will still tell me exactly the same thing.

The more I write, the more I start to wonder if this is actually a bug in
Postfix. I'd like someone with more of a clue than I have to verify it though.

Thanks for the assistance;
// Nelson.
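
The protocol lists discussed in this message, as an added example (not part of the original post and not Postfix code): it resolves the two parameters from `main.cf` text, falls back to the default quoted above, and reports which legacy SSL versions each value leaves enabled. It assumes a bare name restricts the list to the named protocols, handles only the `name` / `!name` form, and ignores what the linked OpenSSL build supports; the function names and sample input are constructed for illustration.

```python
import re

# Protocol names accepted in the lists, oldest first.
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
DEFAULT = "!SSLv2, !SSLv3"  # default quoted in the message above
PARAMS = ("smtpd_tls_protocols", "smtpd_tls_mandatory_protocols")

# Constructed sample: the main.cf settings from the message.
SAMPLE_MAIN_CF = """\
# TLS protocol selection
smtpd_tls_mandatory_protocols = !SSLv2
smtpd_tls_protocols = !SSLv2
"""

def explicit_settings(text):
    """Return {param: value} set in main.cf text; the last assignment wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    pairs = (line.partition("=") for line in logical)
    return {n.strip(): v.strip() for n, sep, v in pairs if sep and n.strip() in PARAMS}

def allowed_protocols(value):
    """Expand a list such as '!SSLv2, !SSLv3' into the protocols it leaves enabled."""
    tokens = [t for t in re.split(r"[\s,:]+", value) if t]
    excluded = {t[1:] for t in tokens if t.startswith("!")}
    included = {t for t in tokens if not t.startswith("!")}
    unknown = (excluded | included) - set(KNOWN)
    if unknown:
        raise ValueError(f"unsupported protocol token(s): {sorted(unknown)}")
    base = included or set(KNOWN)  # assumption: bare names restrict the list
    return [p for p in KNOWN if p in base and p not in excluded]

def audit(text):
    """Report, per parameter, the value in force and any SSLv2/SSLv3 it allows."""
    explicit = explicit_settings(text)
    report = {}
    for param in PARAMS:
        value = explicit.get(param, DEFAULT)
        legacy = [p for p in allowed_protocols(value) if p.startswith("SSL")]
        report[param] = {"source": "main.cf" if param in explicit else "default",
                         "value": value, "legacy_ssl": legacy}
    return report

if __name__ == "__main__":
    for param, info in audit(SAMPLE_MAIN_CF).items():
        print(param, info)
```

On a live system, `postconf -n` prints the parameters explicitly set in `main.cf`, while `postconf -d` prints the built-in defaults.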