[postfix-users] Postfix TLS Forward Secrecy
Jochen via postfix-users
postfix-users at de.postfix.org
Mi Aug 14 19:17:08 CEST 2013
Am 14.08.2013 17:48, schrieb Robert Schetterer via postfix-users:
> in der Tat etwas merkwuerdig, kannst du mal os/postfix/openssl version
> posten inkl der im Blog erwaehnten settings
OS: Ubuntu 10.10 (Lucid)
Postfix: 2.7.0-1ubuntu0.2
Openssl: 0.9.8k-7ubuntu8.15
smtpd_tls_security_level = may
smtpd_tls_cert_file=/etc/ssl/certs/fahrner_server_ca.pem
smtpd_tls_key_file=/etc/ssl/private/fahrner_privatekey.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_eecdh_grade = strong
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_CApath = /etc/ssl/certs
tls_preempt_cipherlist = yes
smtpd_tls_protocols = !SSLv2
smtp_tls_protocols = !SSLv2
Mehr Informationen über die Mailingliste postfix-users