Add info about how to re-enable TLS 1.0 and 1.1
Dieser Commit ist enthalten in:
Ursprung
ee781d9f07
Commit
aeaf820613
2 geänderte Dateien mit 27 neuen und 0 gelöschten Zeilen
26
docs/u_e-reeanble-weak-protocols.md
Normale Datei
26
docs/u_e-reeanble-weak-protocols.md
Normale Datei
|
@ -0,0 +1,26 @@
|
|||
On February the 12th 2020 we disabled the deprecated protocols TLS 1.0 and 1.1.
|
||||
|
||||
Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.
|
||||
|
||||
**How to re-enable weak protocols?**
|
||||
|
||||
Edit `data/conf/postfix/extra.cf`:
|
||||
|
||||
```
|
||||
submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
|
||||
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
|
||||
```
|
||||
|
||||
Edit `data/conf/dovecot/extra.conf`:
|
||||
|
||||
```
|
||||
ssl_min_protocol = TLSv1
|
||||
```
|
||||
|
||||
Restart the affected services:
|
||||
|
||||
```
|
||||
docker-compose restart postfix-mailcow dovecot-mailcow
|
||||
```
|
||||
|
||||
Hint: You can enable TLS 1.2 in Windows 7.
|
|
@ -95,6 +95,7 @@ nav:
|
|||
- 'Redirect HTTP to HTTPS': 'u_e-80_to_443.md'
|
||||
- 'Adjust Service Configurations': 'u_e-change_config.md'
|
||||
- 'Deinstall': 'u_e-deinstall.md'
|
||||
- 'Re-enable TLS 1.0 upwards': 'u_e-reeanble-weak-protocols.md'
|
||||
- 'Client Configuration':
|
||||
- 'Overview': 'client.md'
|
||||
- 'Android': 'client/client-android.md'
|
||||
|
|
Laden …
In neuem Issue referenzieren