mailcow-dockerized-docs/docs/u_e-reeanble-weak-protocols.md

On February the 12th 2020 we disabled the deprecated protocols TLS 1.0 and 1.1 in Dovecot (POP3, POP3S, IMAP, IMAPS) and Postfix (SMTPS, SUBMISSION).

Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.

**How to re-enable weak protocols?**

Edit `data/conf/postfix/extra.cf`:

```
submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
```

Edit `data/conf/dovecot/extra.conf`:

```
ssl_min_protocol = TLSv1
```

Restart the affected services:

```
docker-compose restart postfix-mailcow dovecot-mailcow
```

Hint: You can enable TLS 1.2 in Windows 7.
Update u_e-reeanble-weak-protocols.md 2020-02-12 11:05:23 +01:00			`On February the 12th 2020 we disabled the deprecated protocols TLS 1.0 and 1.1 in Dovecot (POP3, POP3S, IMAP, IMAPS) and Postfix (SMTPS, SUBMISSION).`
Add info about how to re-enable TLS 1.0 and 1.1 2020-02-12 10:49:38 +01:00
			`Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.`

			`How to re-enable weak protocols?`

			Edit `data/conf/postfix/extra.cf`:

			```
			`submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3`
			`smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3`
			```

			Edit `data/conf/dovecot/extra.conf`:

			```
			`ssl_min_protocol = TLSv1`
			```

			`Restart the affected services:`

			```
			`docker-compose restart postfix-mailcow dovecot-mailcow`
			```

			`Hint: You can enable TLS 1.2 in Windows 7.`