Add info about how to re-enable TLS 1.0 and 1.1

Dieser Commit ist enthalten in:
andryyy 2020-02-12 10:49:38 +01:00
Ursprung ee781d9f07
Commit aeaf820613
Es konnte kein GPG-SchlĂĽssel zu dieser Signatur gefunden werden
GPG-SchlĂĽssel-ID: 8EC34FF2794E25EF
2 geänderte Dateien mit 27 neuen und 0 gelöschten Zeilen

Datei anzeigen

@ -0,0 +1,26 @@
On February the 12th 2020 we disabled the deprecated protocols TLS 1.0 and 1.1.
Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.
**How to re-enable weak protocols?**
Edit `data/conf/postfix/extra.cf`:
```
submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
```
Edit `data/conf/dovecot/extra.conf`:
```
ssl_min_protocol = TLSv1
```
Restart the affected services:
```
docker-compose restart postfix-mailcow dovecot-mailcow
```
Hint: You can enable TLS 1.2 in Windows 7.

Datei anzeigen

@ -95,6 +95,7 @@ nav:
- 'Redirect HTTP to HTTPS': 'u_e-80_to_443.md' - 'Redirect HTTP to HTTPS': 'u_e-80_to_443.md'
- 'Adjust Service Configurations': 'u_e-change_config.md' - 'Adjust Service Configurations': 'u_e-change_config.md'
- 'Deinstall': 'u_e-deinstall.md' - 'Deinstall': 'u_e-deinstall.md'
- 'Re-enable TLS 1.0 upwards': 'u_e-reeanble-weak-protocols.md'
- 'Client Configuration': - 'Client Configuration':
- 'Overview': 'client.md' - 'Overview': 'client.md'
- 'Android': 'client/client-android.md' - 'Android': 'client/client-android.md'