Old tls (1.0, 1.1) support
Pierluigi C
2020-05-29 11:19:38 UTC
Hello,
I'm trying to set up a Postfix server with TLS enabled and with the following protocol versions supported:
1.0
1.1
1.2

I tried a lot of configurations, the last and simplest one being:
tls_preempt_cipherlist = yes
tls_ssl_options = 0x40000000

#smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
# Preferred syntax with Postfix ≥ 2.5:
smtp_tls_mandatory_protocols = TLSv1
smtpd_tls_mandatory_protocols = TLSv1


But I had no luck; the only protocols allowed are TLS 1.2 and 1.3.

I'm using postfix version: postfix-3.3.1-9
and openssl version: 1.1.1

How can I achieve this?

Thanks
Nicolás Ciuffolotti
2020-06-03 19:54:10 UTC
Hello, hope this can help you

access.redhat.com/articles/1468593

I set

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
Nicolás Ciuffolotti
2020-06-04 18:08:54 UTC
Check opensslcnf.config

I've

MinProtocol = TLSv1.2
MaxProtocol = TLSv1.3
Pierluigi C
2020-06-05 06:04:11 UTC
Sorry, I haven't gotten back to you.
I found the solution:
update-crypto-policies --set LEGACY

It was just the crypto policies of RH being set to default and not legacy.

Thanks,
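
Added example (not part of the original posts, and not Postfix or Red Hat code): a simplified Python model of the interaction this thread ends on, where the OpenSSL MinProtocol/MaxProtocol bounds cap whatever protocol list Postfix asks for. The two policy texts are constructed samples, the LEGACY floor of TLSv1 is an assumption, and the protocol-list handling is a simplification of the pre-3.6 Postfix syntax ("!name" excludes, a bare name enables only the listed names).

```python
import re

# Protocol names in ascending order, as written in Postfix and OpenSSL configs.
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed samples. DEFAULT uses the values quoted in the thread;
# the LEGACY floor of TLSv1 is an assumption for illustration.
DEFAULT_POLICY = "# constructed sample\nMinProtocol = TLSv1.2\nMaxProtocol = TLSv1.3\n"
LEGACY_POLICY = "# constructed sample\nMinProtocol = TLSv1\nMaxProtocol = TLSv1.3\n"

def openssl_bounds(conf_text):
    """Return (MinProtocol, MaxProtocol) from OpenSSL config text, None if unset."""
    found = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # drop comments
        m = re.match(r"\s*(MinProtocol|MaxProtocol)\s*=\s*(\S+)", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found.get("MinProtocol"), found.get("MaxProtocol")

def postfix_allowed(value):
    """Simplified model of a *_tls_protocols value (assumption, see lead-in)."""
    tokens = [t for t in re.split(r"[,:\s]+", value.strip()) if t]
    include = {t for t in tokens if not t.startswith("!")}
    exclude = {t[1:] for t in tokens if t.startswith("!")}
    unknown = (include | exclude) - set(ORDER)
    if unknown:
        raise ValueError(f"unknown protocol name(s): {sorted(unknown)}")
    return (include or set(ORDER)) - exclude

def effective(postfix_value, conf_text):
    """Protocols that survive both the Postfix list and the library bounds."""
    lo, hi = openssl_bounds(conf_text)
    lo_i = ORDER.index(lo) if lo else 0
    hi_i = ORDER.index(hi) if hi else len(ORDER) - 1
    allowed = postfix_allowed(postfix_value)
    return [p for i, p in enumerate(ORDER) if p in allowed and lo_i <= i <= hi_i]

if __name__ == "__main__":
    for name, policy in (("DEFAULT", DEFAULT_POLICY), ("LEGACY", LEGACY_POLICY)):
        for setting in ("!SSLv2, !SSLv3", "TLSv1"):
            print(f"{name:8} {setting!r:18} -> {effective(setting, policy)}")
```

To see which versions a running server really accepts, test the handshake itself, for example with `openssl s_client -starttls smtp -tls1_1 -connect host:25`.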
