mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 13:18:12 +00:00
Code Issues Releases Wiki Activity

postfix-3.6-20200725

Browse Source
This commit is contained in:
Wietse Venema 2020-07-25 00:00:00 -05:00 committed by Viktor Dukhovni
parent bf6bdb562d
commit 04f880d08a
25 changed files with 1048 additions and 651 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
postfix/HISTORY
View File

@ -25008,3 +25008,18 @@ Apologies for any names omitted.
Final cleanups of the peername matching code. File:
tls/tls_client.c.
202000725
Documentation of how to set the minimum and maximum allowed
TLS protocol versions (these override system-wide OpenSSL
configuration), some related code cleanups including better
warning messages. Viktor Dukhovni. Files: proto/TLS_README.html,
proto/postconf.proto, global/mail_params.h,
posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_client.c,
tls/tls_fprint.c, tls/tls_misc.c, tls/tls_server.c.
The Postfix TLS library did not override the system-wide
OpenSSL configuration of allowed TLS protocol versions, for
sessions where the remote SMTP client sends SNI. File:
tls/tls_server.c.

51
postfix/README_FILES/TLS_README
View File

@ -101,10 +101,10 @@ SMTP server configurations will not accidentally enable TLS without
certificates.
Note that server certificates are nnoott optional in TLS 1.3. To run without
certificates you'd have to disable the TLS 1.3 protocol by including '!TLSv1.3'
in "smtpd_tls_protocols" and perhaps also "smtpd_tls_mandatory_protocols". It
is simpler instead to just configure a certificate chain. Certificate-less
operation is not recommended.
certificates you'd have to disable the TLS 1.3 protocol by including
"<=TLSv1.2" (or, for Postfix < 3.6, "!TLSv1.3") in "smtpd_tls_protocols" and
perhaps also "smtpd_tls_mandatory_protocols". It is simpler instead to just
configure a certificate chain. Certificate-less operation is not recommended.
RSA, DSA and ECDSA (Postfix >= 2.6) certificates are supported. Most sites only
have RSA certificates. You can configure all three at the same time, in which
@ -632,8 +632,8 @@ With mandatory and opportunistic TLS encryption, the Postfix SMTP server by
default disables SSLv2 and SSLv3 with Postfix releases after the middle of
2015; older releases only disable SSLv2 for mandatory TLS. The mandatory TLS
protocol list is specified via the smtpd_tls_mandatory_protocols configuration
parameter. The smtpd_tls_protocols parameter (Postfix >= 2.6) controls the SSL/
TLS protocols used with opportunistic TLS.
parameter. The smtpd_tls_protocols parameter (Postfix >= 2.6) controls the TLS
protocols used with opportunistic TLS.
Note that the OpenSSL library only supports protocol exclusion (not inclusion).
For this reason, Postfix can exclude only protocols that are known at the time
@ -649,8 +649,7 @@ configurations may not interoperate with some clients, and require that TLSv1.3
be explicitly disabled. Therefore, they are not recommended, it is better and
simpler to just configure a suitable certificate.
Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3, with high grade
ciphers:
Example, MSA that requires TLSv1.2 or higher, with high grade ciphers:
/etc/postfix/main.cf:
smtpd_tls_cert_file = /etc/postfix/cert.pem
@ -658,10 +657,10 @@ ciphers:
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_security_level = encrypt
# Preferred syntax with Postfix >= 2.5:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Preferred syntax with Postfix >= 3.6:
smtpd_tls_mandatory_protocols = >=TLSv1.2
# Legacy syntax:
smtpd_tls_mandatory_protocols = TLSv1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
With Postfix >= 3.4, specify instead a single file that holds the key followed
by the corresponding certificate and any associated issuing certificates,
@ -924,9 +923,10 @@ not specified consistently.
submission
/etc/postfix/tls_policy:
[example.net]:587 encrypt protocols=TLSv1 ciphers=high
[example.net]:msa encrypt protocols=TLSv1 ciphers=high
[example.net]:submission encrypt protocols=TLSv1 ciphers=high
# Postfix >= 3.6 "protocols" syntax
[example.net]:587 encrypt protocols=>=TLSv1.2 ciphers=high
# Legacy "protocols" syntax
[example.net]:msa encrypt protocols=!SSLv2:!SSLv3 ciphers=high
DDAANNEE TTLLSS aauutthheennttiiccaattiioonn..
@ -1835,8 +1835,11 @@ Example:
[thumb.example.org] fingerprint
match=b6:b4:72:34:e2:59:cd:fb:...:0d:4d:cc:2c:7d:84:de:e6:2f
match=51:e9:af:2e:1e:40:1f:de:...:35:2d:09:16:31:5a:eb:82:76
# Postfix 2.6 and later
example.info may protocols=!SSLv2 ciphers=medium
# Postfix >= 3.6 "protocols" syntax
example.info may protocols=>=TLSv1 ciphers=medium
exclude=3DES
# Legacy protocols syntax
example.info may protocols=!SSLv2:!SSLv3 ciphers=medium
exclude=3DES
NNoottee:: The "hostname" strategy if listed in a non-default setting of
@ -1909,8 +1912,8 @@ the minimum opportunistic TLS cipher grade is always "export".
With mandatory and opportunistic TLS encryption, the Postfix SMTP client will
by default disable SSLv2 and SSLv3. The mandatory TLS protocol list is
specified via the smtp_tls_mandatory_protocols configuration parameter. The
corresponding smtp_tls_protocols parameter (Postfix >= 2.6) controls the SSL/
TLS protocols used with opportunistic TLS.
corresponding smtp_tls_protocols parameter (Postfix >= 2.6) controls the TLS
protocols used with opportunistic TLS.
Example:
@ -1918,13 +1921,13 @@ Example:
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = RC4, MD5
smtp_tls_exclude_ciphers = aNULL
# Preferred form with Postfix >= 2.5:
smtp_tls_mandatory_protocols = !SSLv2
# Legacy form for Postfix < 2.5:
smtp_tls_mandatory_protocols = SSLv3, TLSv1
# Also available with Postfix >= 2.6:
smtp_tls_ciphers = medium
smtp_tls_protocols = !SSLv2
# Preferred form with Postfix >= 3.6:
smtp_tls_mandatory_protocols = >=TLSv1.2
smtp_tls_protocols = >=TLSv1
# Legacy form for Postfix < 3.6:
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2,!SSLv3
CClliieenntt--ssiiddee SSMMTTPPSS ssuuppppoorrtt

47
postfix/html/TLS_README.html
View File

@ -179,10 +179,10 @@ configurations will not accidentally enable TLS without certificates. </p>
<p> Note that server certificates are <b>not</b> optional in TLS 1.3. To
run without certificates you'd have to disable the TLS 1.3 protocol by
including '!TLSv1.3' in "<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>" and perhaps also
"<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>". It is simpler instead to just
configure a certificate chain. Certificate-less operation is not
recommended. <p>
including "&lt;=TLSv1.2" (or, for Postfix &lt; 3.6, "!TLSv1.3") in
"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>" and perhaps also "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>".
It is simpler instead to just configure a certificate chain.
Certificate-less operation is not recommended. <p>
<p> RSA, DSA and ECDSA (Postfix &ge; 2.6) certificates are supported.
Most sites only have RSA certificates. You can configure all three
@ -891,7 +891,7 @@ after the middle of 2015; older releases only disable SSLv2 for
mandatory TLS. The mandatory TLS protocol list is specified via the
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> configuration parameter. The
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> parameter (Postfix &ge; 2.6)
controls the SSL/TLS protocols used with opportunistic TLS. </p>
controls the TLS protocols used with opportunistic TLS. </p>
<p> Note that the OpenSSL library only supports protocol exclusion
(not inclusion). For this reason, Postfix can exclude only protocols
@ -909,8 +909,8 @@ that TLSv1.3 be explicitly disabled. Therefore, they are not
recommended, it is better and simpler to just configure a suitable
certificate. </p>
<p> Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3,
with high grade ciphers: </p>
<p> Example, MSA that requires TLSv1.2 or higher, with high grade
ciphers: </p>
<blockquote>
<pre>
@ -920,10 +920,10 @@ with high grade ciphers: </p>
<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> = high
<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL, MD5
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
# Preferred syntax with Postfix &ge; 2.5:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
# Preferred syntax with Postfix &ge; 3.6:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = &gt;=TLSv1.2
# Legacy syntax:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = TLSv1
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>
</blockquote>
@ -1263,9 +1263,10 @@ just in case the transport table entries are not specified consistently. </p>
submission 587/tcp msa # mail message submission
/etc/postfix/tls_policy:
[example.net]:587 encrypt protocols=TLSv1 ciphers=high
[example.net]:msa encrypt protocols=TLSv1 ciphers=high
[example.net]:submission encrypt protocols=TLSv1 ciphers=high
# Postfix &ge; 3.6 "protocols" syntax
[example.net]:587 encrypt protocols=&gt;=TLSv1.2 ciphers=high
# Legacy "protocols" syntax
[example.net]:msa encrypt protocols=!SSLv2:!SSLv3 ciphers=high
</pre>
</blockquote>
@ -2398,8 +2399,10 @@ Example:
[thumb.example.org] fingerprint
match=b6:b4:72:34:e2:59:cd:fb:...:0d:4d:cc:2c:7d:84:de:e6:2f
match=51:e9:af:2e:1e:40:1f:de:...:35:2d:09:16:31:5a:eb:82:76
# Postfix 2.6 and later
example.info may protocols=!SSLv2 ciphers=medium exclude=3DES
# Postfix &ge; 3.6 "protocols" syntax
example.info may protocols=&gt;=TLSv1 ciphers=medium exclude=3DES
# Legacy protocols syntax
example.info may protocols=!SSLv2:!SSLv3 ciphers=medium exclude=3DES
</pre>
</blockquote>
@ -2494,7 +2497,7 @@ SMTP client will by default disable SSLv2 and SSLv3. The mandatory
TLS protocol list is specified via the
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> configuration parameter. The corresponding
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> parameter (Postfix &ge; 2.6) controls
the SSL/TLS protocols used with opportunistic TLS. </p>
the TLS protocols used with opportunistic TLS. </p>
<p> Example: </p>
@ -2504,13 +2507,13 @@ the SSL/TLS protocols used with opportunistic TLS. </p>
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = medium
<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = RC4, MD5
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL
# Preferred form with Postfix &ge; 2.5:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2
# Legacy form for Postfix &lt; 2.5:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = SSLv3, TLSv1
# Also available with Postfix &ge; 2.6:
<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = medium
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2
# Preferred form with Postfix &ge; 3.6:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = &gt;=TLSv1.2
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = &gt;=TLSv1
# Legacy form for Postfix &lt; 3.6:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2,!SSLv3
</pre>
</blockquote>

12
postfix/html/lmtp.8.html
View File

@ -508,9 +508,9 @@ SMTP(8) SMTP(8)
policy by next-hop destination; when a non-empty value is speci-
fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (!SSLv2, !SSLv3)</b>
List of SSL/TLS protocols that the Postfix SMTP client will use
with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
TLS protocols that the Postfix SMTP client will use with manda-
tory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
The verification depth for remote SMTP server certificates.
@ -573,9 +573,9 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (!SSLv2, !SSLv3)</b>
List of TLS protocols that the Postfix SMTP client will exclude
or include with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see postconf -d output)</b>
TLS protocols that the Postfix SMTP client will use with oppor-
tunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP client will

411
postfix/html/postconf.5.html
View File

@ -5420,7 +5420,7 @@ configuration parameter. See there for details. </p>
</DD>
<DT><b><a name="lmtp_tls_mandatory_protocols">lmtp_tls_mandatory_protocols</a>
(default: !SSLv2, !SSLv3)</b></DT><DD>
(default: see postconf -d output)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
configuration parameter. See there for details. </p>
@ -5464,7 +5464,7 @@ configuration parameter. See there for details. </p>
</DD>
<DT><b><a name="lmtp_tls_protocols">lmtp_tls_protocols</a>
(default: !SSLv2, !SSLv3)</b></DT><DD>
(default: see postconf -d output)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> configuration
parameter. See there for details. </p>
@ -12881,74 +12881,92 @@ attribute. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_ma
</DD>
<DT><b><a name="smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
(default: !SSLv2, !SSLv3)</b></DT><DD>
(default: see "postconf -d" output)</b></DT><DD>
<p> List of SSL/TLS protocols that the Postfix SMTP client will use with
mandatory TLS encryption. In <a href="postconf.5.html">main.cf</a> the values are separated by
whitespace, commas or colons. In the policy table "protocols" attribute
(see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names, (see
<b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3" and "TLSv1". The
default value is "!SSLv2, !SSLv3" for Postfix releases after the
middle of 2015, "!SSLv2" for older releases. </p>
<p> TLS protocols that the Postfix SMTP client will use with mandatory
TLS encryption. In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace,
commas or colons. In the policy table "protocols" attribute (see
<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An empty value
means allow all protocols. </p>
<p> With Postfix &ge; 2.5 the parameter syntax was expanded to support
protocol exclusions. One can explicitly exclude "SSLv2" by setting
"<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2". To exclude both "SSLv2" and
"SSLv3" set "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3". Listing
the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the underlying OpenSSL interface semantics.
</p>
<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is "&gt;=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below. </p>
<p> The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
higher version implicitly disables all versions above that higher version.
Thus, for example (assuming the OpenSSL library supports both SSLv2
and SSLv3):
</p>
<p> As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set a lowest acceptable TLS protocol version
and/or a highest acceptable TLS protocol version. To set the lower
bound include an element of the form: "&gt;=<i>version</i>" where
<i>version</i> is a either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "&lt;=<i>version</i>". There must be no whitespace between
the "&gt;=" or "&lt;=" symbols and the protocol name or number. </p>
<p> Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version. </p>
<p>Hexadecimal example (Postfix &ge; 3.6):</p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !TLSv1
# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = &gt;=TLSv1.2, &lt;=0305
# Allow only TLS 1.2 and up:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = &gt;=0x0303
</pre>
</blockquote>
<p> also disables any protocols version higher than TLSv1 leaving
only "SSLv3" enabled. </p>
<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". When Postfix &le; 2.5 is linked against OpenSSL 1.0.1
or later, these, or any other new protocol versions, cannot be
disabled except by also disabling "TLSv1" (typically leaving just
"SSLv3"). The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2". </p>
<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2,
!SSLv3". Listing the protocols to include, rather than protocols to
exclude, is supported, but not recommended. The exclusion syntax more
accurately matches the underlying OpenSSL interface. </p>
<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
this can be disabled, if need be, via "!TLSv1.3". </p>
<p> When using the exclusion syntax, take care to ensure that the range
of protocols supported by the Postfixm SMTP client is contiguous. When
a protocol version is enabled, disabling any higher version implicitly
disables all versions above that higher version. Thus, for example: </p>
<p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
<a href="TLS_README.html#client_tls_dane">dane-only</a> security
levels, when usable TLSA records are obtained for the remote SMTP
server, the Postfix SMTP client is obligated to include the SNI TLS
extension in its SSL client hello message. This may help the remote
SMTP server live up to its promise to provide a certificate that
matches its TLSA records. Since TLS extensions require TLS 1.0 or
later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when
SNI is required. If you use "dane" or "dane-only" do not disable
TLSv1, except perhaps via the policy table for destinations which
you are sure will support "TLSv1.1" or "TLSv1.2". </p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1.1
</pre>
</blockquote>
<p> also disables any protocols version higher than TLSv1.1 leaving
only "TLSv1" enabled. </p>
<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> While the vast majority of SMTP servers with DANE TLSA records now
support at least TLS 1.2, a few still only support TLS 1.0. If you use
"dane" or "dane-only" it is best to not disable TLSv1, except perhaps
via the policy table for destinations which you are sure will support
"TLSv1.2". </p>
<p> See the documentation of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> parameter and
<a href="TLS_README.html">TLS_README</a> for more information about security levels. </p>
<p> Example: </p>
<pre>
# Preferred syntax with Postfix &ge; 2.5:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
# Preferred syntax with Postfix &ge; 3.6:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = &gt;=TLSv1.2, &lt;=TLSv1.3
# Legacy syntax:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -13240,54 +13258,81 @@ configurations in environments where DNS security is not assured. </p>
</DD>
<DT><b><a name="smtp_tls_protocols">smtp_tls_protocols</a>
(default: !SSLv2, !SSLv3)</b></DT><DD>
(default: see postconf -d output)</b></DT><DD>
<p> List of TLS protocols that the Postfix SMTP client will exclude or
include with opportunistic TLS encryption. The default value is
"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
"!SSLv2" for older releases. Before Postfix 2.6, the Postfix SMTP
client would use all protocols with opportunistic TLS. </p>
<p> TLS protocols that the Postfix SMTP client will use with
opportunistic TLS encryption. In <a href="postconf.5.html">main.cf</a> the values are separated by
whitespace, commas or colons. In the policy table "protocols" attribute
(see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An empty
value means allow all protocols. </p>
<p> In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace, commas or
colons. In the policy table (see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid
separator is colon. An empty value means allow all protocols. The valid
protocol names, (see <b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3"
and "TLSv1". </p>
<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is "&gt;=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below. </p>
<p> The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
higher version implicitly disables all versions above that higher version.
Thus, for example (assuming the OpenSSL library supports both SSLv2
and SSLv3):
<p> As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set the lowest acceptable TLS protocol
version and/or the highest acceptable TLS protocol version. To set the
lower bound include an element of the form: "&gt;=<i>version</i>" where
<i>version</i> is a either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "&lt;=<i>version</i>". There must be no whitespace between
the "&gt;=" or "&lt;=" symbols and the protocol name or number. </p>
<p> Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version. </p>
<p>Hexadecimal example (Postfix &ge; 3.6):</p>
<blockquote>
<pre>
# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = &gt;=TLSv1, &lt;=0305
# Allow only TLS 1.0 and up:
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = &gt;=0x0301
</pre>
</blockquote>
<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3".
Listing the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more accurately
matches the underlying OpenSSL interface. </p>
<p> When using the exclusion syntax, take care to ensure that the range of
protocols advertised by an SSL/TLS client is contiguous. When a protocol
version is enabled, disabling any higher version implicitly disables all
versions above that higher version. Thus, for example:
</p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !TLSv1
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3, !TLSv1.1
</pre>
</blockquote>
<p> also disables any protocols version higher than TLSv1 leaving
only "SSLv3" enabled. </p>
<p> also disables any protocols version higher than TLSv1.1 leaving
only "TLSv1" enabled. </p>
<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2"</p>
<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
this can be disabled, if need be, via "!TLSv1.3". </p>
<p> To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended. The exclusion form more closely matches the underlying
OpenSSL interface semantics. </p>
<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> Example: </p>
<pre>
# TLSv1 or better:
# Preferred syntax with Postfix &ge; 3.6:
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = &gt;=TLSv1, &lt;=TLSv1.3
# Legacy syntax:
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
</pre>
@ -13479,12 +13524,13 @@ Examples:
<pre>
# Opportunistic TLS.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
# Postfix &ge; 2.6:
# Do not tweak opportunistic ciphers or protocol unless it is essential
# to do so (if a security vulnerability is found in the SSL library that
# can be mitigated by disabling a particular protocol or raising the
# cipher grade from "export" to "low" or "medium").
<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export
# cipher grade).
<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = medium
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = &gt;=TLSv1
# Legacy (Postfix &lt; 3.6) syntax:
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
</pre>
@ -13495,33 +13541,27 @@ Examples:
</pre>
<pre>
# Mandatory TLS verification of hostname or nexthop domain.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = verify
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> = hostname, nexthop, dot-nexthop
</pre>
<pre>
# Secure channel TLS with exact nexthop name match.
# Authenticated TLS 1.2 or better matching the nexthop domain or a
# subdomain.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = secure
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = &gt;=TLSv1.2
<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop, dot-nexthop
</pre>
<pre>
# Certificate fingerprint verification (Postfix &ge; 2.5).
# The CA-less "fingerprint" security level only scales to a limited
# number of destinations. As a global default rather than a per-site
# setting, this is practical when mail for all recipients is sent
# setting, this is practical only when mail for all recipients is sent
# to a central mail hub.
<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = &gt;=TLSv1.2
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
3D:95:34:51:...:40:99:C0:C1
EC:3B:2D:B0:...:A3:9D:72:F6
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -17639,43 +17679,69 @@ works in addition to the exclusions listed with <a href="postconf.5.html#smtpd_t
</DD>
<DT><b><a name="smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
(default: !SSLv2, !SSLv3)</b></DT><DD>
(default: see "postconf -d" output)</b></DT><DD>
<p> The SSL/TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption. If the list is empty, the server supports
all available SSL/TLS protocol versions. A non-empty value is a
list of protocol names separated by whitespace, commas or colons.
The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and
are not case sensitive. The default value is "!SSLv2, !SSLv3" for
Postfix releases after the middle of 2015, "!SSLv2" for older
releases. </p>
<p> TLS protocols accepted by the Postfix SMTP server with mandatory TLS
encryption. If the list is empty, the server supports all available TLS
protocol versions. A non-empty value is a list of protocol names to
include or exclude, separated by whitespace, commas or colons. </p>
<p> With Postfix &ge; 2.5 the parameter syntax was expanded to support
protocol exclusions. One can explicitly exclude "SSLv2" by setting
"<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2". To exclude both "SSLv2" and
"SSLv3" set "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3". Listing
the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the underlying OpenSSL interface semantics. </p>
<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is "&gt;=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below. </p>
<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". When Postfix &le; 2.5 is linked against OpenSSL 1.0.1
or later, these, or any other new protocol versions, cannot be
disabled. The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>
<p> As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set the lowest acceptable TLS protocol
version and/or the highest acceptable TLS protocol version. To set the
lower bound include an element of the form: "&gt;=<i>version</i>" where
<i>version</i> is a either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "&lt;=<i>version</i>". There must be no whitespace between
the "&gt;=" or "&lt;=" symbols and the protocol name or number. </p>
<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
this can be disabled, if need be, via "!TLSv1.3". </p>
<p> Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version. </p>
<p>Hexadecimal example (Postfix &ge; 3.6):</p>
<blockquote>
<pre>
# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = &gt;=TLSv1.2, &lt;=0305
# Allow only TLS 1.2 and up:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = &gt;=0x0303
</pre>
</blockquote>
<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> =
!SSLv2, !SSLv3". Listing the protocols to include, rather than
protocols to exclude, is supported, but not recommended. The exclusion
form more accurately matches the underlying OpenSSL interface. </p>
<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> Example: </p>
<pre>
# Preferred syntax with Postfix &ge; 2.5:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
# Preferred syntax with Postfix &ge; 3.6:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = &gt;=TLSv1.2, &lt;=TLSv1.3
# Legacy syntax:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = TLSv1
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -17684,36 +17750,67 @@ this can be disabled, if need be, via "!TLSv1.3". </p>
</DD>
<DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
(default: !SSLv2, !SSLv3)</b></DT><DD>
(default: see postconf -d output)</b></DT><DD>
<p> List of TLS protocols that the Postfix SMTP server will exclude
or include with opportunistic TLS encryption. The default value is
"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
empty for older releases allowing all protocols to be
used with opportunistic TLS. A non-empty value is a list of protocol
names separated by whitespace, commas or colons. The supported
protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case
sensitive. </p>
<p> TLS protocols accepted by the Postfix SMTP server with opportunistic
TLS encryption. If the list is empty, the server supports all available
TLS protocol versions. A non-empty value is a list of protocol names to
include or exclude, separated by whitespace, commas or colons. </p>
<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>
<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is "&gt;=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below. </p>
<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
this can be disabled, if need be, via "!TLSv1.3". </p>
<p> As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set the lowest acceptable TLS protocol
version and/or the highest acceptable TLS protocol version. To set the
lower bound include an element of the form: "&gt;=<i>version</i>" where
<i>version</i> is a either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "&lt;=<i>version</i>". There must be no whitespace between
the "&gt;=" or "&lt;=" symbols and the protocol name or number. </p>
<p> To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended. The exclusion form more closely matches the underlying
OpenSSL interface semantics. </p>
<p> Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version. </p>
<p>Hexadecimal example (Postfix &ge; 3.6):</p>
<blockquote>
<pre>
# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = &gt;=TLSv1, &lt;=0305
# Allow only TLS 1.0 and up:
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = &gt;=0x0301
</pre>
</blockquote>
<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3".
Listing the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more accurately
matches the underlying OpenSSL interface. </p>
<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> Example: </p>
<pre>
# Preferred syntax with Postfix &ge; 3.6:
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = &gt;=TLSv1, &lt;=TLSv1.3
# Legacy syntax:
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3
</pre>

10
postfix/html/posttls-finger.1.html
View File

@ -4,7 +4,7 @@
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<title> Postfix manual - posttls-finger(1) </title>
</head> <body> <pre>
POSTTLS-FINGER(1) General Commands Manual POSTTLS-FINGER(1)
POSTTLS-FINGER(1) POSTTLS-FINGER(1)
<b>NAME</b>
posttls-finger - Probe the TLS properties of an ESMTP or LMTP server.
@ -255,9 +255,9 @@ POSTTLS-FINGER(1) General Commands Manual POSTTLS-FINGER(1)
ing the values of TLS library parameters, or "<a href="postconf.5.html#myhostname">myhostname</a>" to
configure the SMTP EHLO name sent to the remote server.
<b>-p</b> <i>protocols</i> (default: !SSLv2)
List of TLS protocols that posttls-finger will exclude or
include. See <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> for details.
<b>-p</b> <i>protocols</i> (default: &gt;=TLSv1)
TLS protocols that posttls-finger will exclude or include. See
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> for details.
<b>-P</b> <i>CApath/</i> (default: none)
The OpenSSL CApath/ directory (indexed via c_rehash(1)) for
@ -309,7 +309,7 @@ POSTTLS-FINGER(1) General Commands Manual POSTTLS-FINGER(1)
<b>[]</b>. If you want to connect to a specific MX host, for instance
<i>mx1.example.com</i>, specify [<i>mx1.example.com</i>] as the destination
and <i>example.com</i> as a <b>match</b> argument. When using DNS, the desti-
nation domain is assumed fully qualified and no default domain
nation domain is assumed fully qualified and no <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a>
or search suffixes are applied; you must use fully-qualified
names or also enable <b>native</b> host lookups (these don't support
<b>dane</b> or <b>dane-only</b> as no DNSSEC validation information is avail-

12
postfix/html/smtp.8.html
View File

@ -508,9 +508,9 @@ SMTP(8) SMTP(8)
policy by next-hop destination; when a non-empty value is speci-
fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (!SSLv2, !SSLv3)</b>
List of SSL/TLS protocols that the Postfix SMTP client will use
with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
TLS protocols that the Postfix SMTP client will use with manda-
tory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
The verification depth for remote SMTP server certificates.
@ -573,9 +573,9 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (!SSLv2, !SSLv3)</b>
List of TLS protocols that the Postfix SMTP client will exclude
or include with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see postconf -d output)</b>
TLS protocols that the Postfix SMTP client will use with oppor-
tunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP client will

12
postfix/html/smtpd.8.html
View File

@ -475,9 +475,9 @@ SMTPD(8) SMTPD(8)
Postfix SMTP server cipher list at mandatory TLS security lev-
els.
<b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (!SSLv2, !SSLv3)</b>
The SSL/TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
TLS protocols accepted by the Postfix SMTP server with mandatory
TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
Request that the Postfix SMTP server produces Received: message
@ -524,9 +524,9 @@ SMTPD(8) SMTPD(8)
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (!SSLv2, !SSLv3)</b>
List of TLS protocols that the Postfix SMTP server will exclude
or include with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (see postconf -d output)</b>
TLS protocols accepted by the Postfix SMTP server with oppor-
tunistic TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP server will

4
postfix/man/man1/posttls-finger.1
View File

@ -230,8 +230,8 @@ Specify zero or more times to override the value of the main.cf
parameter \fIname\fR with \fIvalue\fR. Possible use\-cases include
overriding the values of TLS library parameters, or "myhostname" to
configure the SMTP EHLO name sent to the remote server.
.IP "\fB\-p \fIprotocols\fR (default: !SSLv2)"
List of TLS protocols that posttls\-finger will exclude or include. See
.IP "\fB\-p \fIprotocols\fR (default: >=TLSv1)"
TLS protocols that posttls\-finger will exclude or include. See
smtp_tls_mandatory_protocols for details.
.IP "\fB\-P \fICApath/\fR (default: none)"
The OpenSSL CApath/ directory (indexed via c_rehash(1)) for remote

466
postfix/man/man5/postconf.5
View File

@ -3242,7 +3242,7 @@ The LMTP\-specific version of the smtp_tls_mandatory_exclude_ciphers
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.3 and later.
.SH lmtp_tls_mandatory_protocols (default: !SSLv2, !SSLv3)
.SH lmtp_tls_mandatory_protocols (default: see postconf \-d output)
The LMTP\-specific version of the smtp_tls_mandatory_protocols
configuration parameter. See there for details.
.PP
@ -3262,7 +3262,7 @@ The LMTP\-specific version of the smtp_tls_policy_maps
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.3 and later.
.SH lmtp_tls_protocols (default: !SSLv2, !SSLv3)
.SH lmtp_tls_protocols (default: see postconf \-d output)
The LMTP\-specific version of the smtp_tls_protocols configuration
parameter. See there for details.
.PP
@ -8373,78 +8373,102 @@ specified on a per\-destination basis via the TLS policy "exclude"
attribute. See smtp_tls_policy_maps for notes and examples.
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_tls_mandatory_protocols (default: !SSLv2, !SSLv3)
List of SSL/TLS protocols that the Postfix SMTP client will use with
mandatory TLS encryption. In main.cf the values are separated by
whitespace, commas or colons. In the policy table "protocols" attribute
(see smtp_tls_policy_maps) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names, (see
\\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3" and "TLSv1". The
default value is "!SSLv2, !SSLv3" for Postfix releases after the
middle of 2015, "!SSLv2" for older releases.
.SH smtp_tls_mandatory_protocols (default: see "postconf \-d" output)
TLS protocols that the Postfix SMTP client will use with mandatory
TLS encryption. In main.cf the values are separated by whitespace,
commas or colons. In the policy table "protocols" attribute (see
smtp_tls_policy_maps) the only valid separator is colon. An empty value
means allow all protocols.
.PP
With Postfix >= 2.5 the parameter syntax was expanded to support
protocol exclusions. One can explicitly exclude "SSLv2" by setting
"smtp_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and
"SSLv3" set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the underlying OpenSSL interface semantics.
The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below.
.PP
The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
higher version implicitly disables all versions above that higher version.
Thus, for example (assuming the OpenSSL library supports both SSLv2
and SSLv3):
As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set a lowest acceptable TLS protocol version
and/or a highest acceptable TLS protocol version. To set the lower
bound include an element of the form: ">=\fIversion\fR" where
\fIversion\fR is a either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "<=\fIversion\fR". There must be no whitespace between
the ">=" or "<=" symbols and the protocol name or number.
.PP
Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version.
.PP
Hexadecimal example (Postfix >= 3.6):
.sp
.in +4
.nf
.na
.ft C
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
smtp_tls_mandatory_protocols = >=TLSv1.2, <=0305
# Allow only TLS 1.2 and up:
smtp_tls_mandatory_protocols = >=0x0303
.fi
.ad
.ft R
.in -4
also disables any protocols version higher than TLSv1 leaving
only "SSLv3" enabled.
.PP
Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". When Postfix <= 2.5 is linked against OpenSSL 1.0.1
or later, these, or any other new protocol versions, cannot be
disabled except by also disabling "TLSv1" (typically leaving just
"SSLv3"). The latest patch levels of Postfix >= 2.6, and all
versions of Postfix >= 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2".
With Postfix < 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "smtp_tls_mandatory_protocols = !SSLv2,
!SSLv3". Listing the protocols to include, rather than protocols to
exclude, is supported, but not recommended. The exclusion syntax more
accurately matches the underlying OpenSSL interface.
.PP
OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
this can be disabled, if need be, via "!TLSv1.3".
When using the exclusion syntax, take care to ensure that the range
of protocols supported by the Postfixm SMTP client is contiguous. When
a protocol version is enabled, disabling any higher version implicitly
disables all versions above that higher version. Thus, for example:
.sp
.in +4
.nf
.na
.ft C
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1.1
.fi
.ad
.ft R
.in -4
.PP
At the dane and
dane\-only security
levels, when usable TLSA records are obtained for the remote SMTP
server, the Postfix SMTP client is obligated to include the SNI TLS
extension in its SSL client hello message. This may help the remote
SMTP server live up to its promise to provide a certificate that
matches its TLSA records. Since TLS extensions require TLS 1.0 or
later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when
SNI is required. If you use "dane" or "dane\-only" do not disable
TLSv1, except perhaps via the policy table for destinations which
you are sure will support "TLSv1.1" or "TLSv1.2".
also disables any protocols version higher than TLSv1.1 leaving
only "TLSv1" enabled.
.PP
Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2).
.PP
While the vast majority of SMTP servers with DANE TLSA records now
support at least TLS 1.2, a few still only support TLS 1.0. If you use
"dane" or "dane\-only" it is best to not disable TLSv1, except perhaps
via the policy table for destinations which you are sure will support
"TLSv1.2".
.PP
See the documentation of the smtp_tls_policy_maps parameter and
TLS_README for more information about security levels.
.PP
Example:
.PP
.nf
.na
.ft C
# Preferred syntax with Postfix >= 2.5:
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
# Preferred syntax with Postfix >= 3.6:
smtp_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3
# Legacy syntax:
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
.fi
.ad
.ft R
@ -8716,59 +8740,91 @@ DNS forgery. Do not use the \fBhostname\fR strategy for secure\-channel
configurations in environments where DNS security is not assured.
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_tls_protocols (default: !SSLv2, !SSLv3)
List of TLS protocols that the Postfix SMTP client will exclude or
include with opportunistic TLS encryption. The default value is
"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
"!SSLv2" for older releases. Before Postfix 2.6, the Postfix SMTP
client would use all protocols with opportunistic TLS.
.SH smtp_tls_protocols (default: see postconf \-d output)
TLS protocols that the Postfix SMTP client will use with
opportunistic TLS encryption. In main.cf the values are separated by
whitespace, commas or colons. In the policy table "protocols" attribute
(see smtp_tls_policy_maps) the only valid separator is colon. An empty
value means allow all protocols.
.PP
In main.cf the values are separated by whitespace, commas or
colons. In the policy table (see smtp_tls_policy_maps) the only valid
separator is colon. An empty value means allow all protocols. The valid
protocol names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3"
and "TLSv1".
The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below.
.PP
The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
higher version implicitly disables all versions above that higher version.
Thus, for example (assuming the OpenSSL library supports both SSLv2
and SSLv3):
As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set the lowest acceptable TLS protocol
version and/or the highest acceptable TLS protocol version. To set the
lower bound include an element of the form: ">=\fIversion\fR" where
\fIversion\fR is a either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "<=\fIversion\fR". There must be no whitespace between
the ">=" or "<=" symbols and the protocol name or number.
.PP
Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version.
.PP
Hexadecimal example (Postfix >= 3.6):
.sp
.in +4
.nf
.na
.ft C
smtp_tls_protocols = !SSLv2, !TLSv1
# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
smtp_tls_protocols = >=TLSv1, <=0305
# Allow only TLS 1.0 and up:
smtp_tls_protocols = >=0x0301
.fi
.ad
.ft R
.in -4
also disables any protocols version higher than TLSv1 leaving
only "SSLv3" enabled.
.PP
Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all
versions of Postfix >= 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2"
With Postfix < 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "smtp_tls_protocols = !SSLv2, !SSLv3".
Listing the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more accurately
matches the underlying OpenSSL interface.
.PP
OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
this can be disabled, if need be, via "!TLSv1.3".
When using the exclusion syntax, take care to ensure that the range of
protocols advertised by an SSL/TLS client is contiguous. When a protocol
version is enabled, disabling any higher version implicitly disables all
versions above that higher version. Thus, for example:
.sp
.in +4
.nf
.na
.ft C
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1.1
.fi
.ad
.ft R
.in -4
also disables any protocols version higher than TLSv1.1 leaving
only "TLSv1" enabled.
.PP
To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended. The exclusion form more closely matches the underlying
OpenSSL interface semantics.
Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2).
.PP
Example:
.nf
.na
.ft C
# TLSv1 or better:
# Preferred syntax with Postfix >= 3.6:
smtp_tls_protocols = >=TLSv1, <=TLSv1.3
# Legacy syntax:
smtp_tls_protocols = !SSLv2, !SSLv3
.fi
.ad
@ -8947,12 +9003,13 @@ smtp_tls_security_level = none
.ft C
# Opportunistic TLS.
smtp_tls_security_level = may
# Postfix >= 2.6:
# Do not tweak opportunistic ciphers or protocol unless it is essential
# to do so (if a security vulnerability is found in the SSL library that
# can be mitigated by disabling a particular protocol or raising the
# cipher grade from "export" to "low" or "medium").
smtp_tls_ciphers = export
# cipher grade).
smtp_tls_ciphers = medium
smtp_tls_protocols = >=TLSv1
# Legacy (Postfix < 3.6) syntax:
smtp_tls_protocols = !SSLv2, !SSLv3
.fi
.ad
@ -8971,22 +9028,12 @@ smtp_tls_mandatory_ciphers = high
.nf
.na
.ft C
# Mandatory TLS verification of hostname or nexthop domain.
smtp_tls_security_level = verify
smtp_tls_mandatory_ciphers = high
smtp_tls_verify_cert_match = hostname, nexthop, dot\-nexthop
.fi
.ad
.ft R
.PP
.nf
.na
.ft C
# Secure channel TLS with exact nexthop name match.
# Authenticated TLS 1.2 or better matching the nexthop domain or a
# subdomain.
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
smtp_tls_mandatory_protocols = >=TLSv1.2
smtp_tls_secure_cert_match = nexthop, dot\-nexthop
.fi
.ad
.ft R
@ -8997,15 +9044,15 @@ smtp_tls_secure_cert_match = nexthop
# Certificate fingerprint verification (Postfix >= 2.5).
# The CA\-less "fingerprint" security level only scales to a limited
# number of destinations. As a global default rather than a per\-site
# setting, this is practical when mail for all recipients is sent
# setting, this is practical only when mail for all recipients is sent
# to a central mail hub.
relayhost = [mailhub.example.com]
smtp_tls_security_level = fingerprint
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = >=TLSv1.2
smtp_tls_mandatory_ciphers = high
smtp_tls_fingerprint_cert_match =
3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
3D:95:34:51:...:40:99:C0:C1
EC:3B:2D:B0:...:A3:9D:72:F6
.fi
.ad
.ft R
@ -12280,80 +12327,147 @@ works in addition to the exclusions listed with smtpd_tls_exclude_ciphers
(see there for syntax details).
.PP
This feature is available in Postfix 2.3 and later.
.SH smtpd_tls_mandatory_protocols (default: !SSLv2, !SSLv3)
The SSL/TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption. If the list is empty, the server supports
all available SSL/TLS protocol versions. A non\-empty value is a
list of protocol names separated by whitespace, commas or colons.
The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and
are not case sensitive. The default value is "!SSLv2, !SSLv3" for
Postfix releases after the middle of 2015, "!SSLv2" for older
releases.
.SH smtpd_tls_mandatory_protocols (default: see "postconf \-d" output)
TLS protocols accepted by the Postfix SMTP server with mandatory TLS
encryption. If the list is empty, the server supports all available TLS
protocol versions. A non\-empty value is a list of protocol names to
include or exclude, separated by whitespace, commas or colons.
.PP
With Postfix >= 2.5 the parameter syntax was expanded to support
protocol exclusions. One can explicitly exclude "SSLv2" by setting
"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and
"SSLv3" set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the underlying OpenSSL interface semantics.
The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below.
.PP
Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". When Postfix <= 2.5 is linked against OpenSSL 1.0.1
or later, these, or any other new protocol versions, cannot be
disabled. The latest patch levels of Postfix >= 2.6, and all
versions of Postfix >= 2.10 can disable support for "TLSv1.1" or
"TLSv1.2".
As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set the lowest acceptable TLS protocol
version and/or the highest acceptable TLS protocol version. To set the
lower bound include an element of the form: ">=\fIversion\fR" where
\fIversion\fR is a either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "<=\fIversion\fR". There must be no whitespace between
the ">=" or "<=" symbols and the protocol name or number.
.PP
OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
this can be disabled, if need be, via "!TLSv1.3".
Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version.
.PP
Hexadecimal example (Postfix >= 3.6):
.sp
.in +4
.nf
.na
.ft C
# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
smtpd_tls_mandatory_protocols = >=TLSv1.2, <=0305
# Allow only TLS 1.2 and up:
smtpd_tls_mandatory_protocols = >=0x0303
.fi
.ad
.ft R
.in -4
.PP
With Postfix < 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "smtpd_tls_mandatory_protocols =
!SSLv2, !SSLv3". Listing the protocols to include, rather than
protocols to exclude, is supported, but not recommended. The exclusion
form more accurately matches the underlying OpenSSL interface.
.PP
Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2).
.PP
Example:
.PP
.nf
.na
.ft C
# Preferred syntax with Postfix >= 2.5:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Preferred syntax with Postfix >= 3.6:
smtpd_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3
# Legacy syntax:
smtpd_tls_mandatory_protocols = TLSv1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
.fi
.ad
.ft R
.PP
This feature is available in Postfix 2.3 and later.
.SH smtpd_tls_protocols (default: !SSLv2, !SSLv3)
List of TLS protocols that the Postfix SMTP server will exclude
or include with opportunistic TLS encryption. The default value is
"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
empty for older releases allowing all protocols to be
used with opportunistic TLS. A non\-empty value is a list of protocol
names separated by whitespace, commas or colons. The supported
protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case
sensitive.
.SH smtpd_tls_protocols (default: see postconf \-d output)
TLS protocols accepted by the Postfix SMTP server with opportunistic
TLS encryption. If the list is empty, the server supports all available
TLS protocol versions. A non\-empty value is a list of protocol names to
include or exclude, separated by whitespace, commas or colons.
.PP
Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all
versions of Postfix >= 2.10 can disable support for "TLSv1.1" or
"TLSv1.2".
The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below.
.PP
OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
this can be disabled, if need be, via "!TLSv1.3".
As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set the lowest acceptable TLS protocol
version and/or the highest acceptable TLS protocol version. To set the
lower bound include an element of the form: ">=\fIversion\fR" where
\fIversion\fR is a either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "<=\fIversion\fR". There must be no whitespace between
the ">=" or "<=" symbols and the protocol name or number.
.PP
To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended. The exclusion form more closely matches the underlying
OpenSSL interface semantics.
Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version.
.PP
Hexadecimal example (Postfix >= 3.6):
.sp
.in +4
.nf
.na
.ft C
# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
smtpd_tls_protocols = >=TLSv1, <=0305
# Allow only TLS 1.0 and up:
smtpd_tls_protocols = >=0x0301
.fi
.ad
.ft R
.in -4
.PP
With Postfix < 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "smtpd_tls_protocols = !SSLv2, !SSLv3".
Listing the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more accurately
matches the underlying OpenSSL interface.
.PP
Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2).
.PP
Example:
.nf
.na
.ft C
# Preferred syntax with Postfix >= 3.6:
smtpd_tls_protocols = >=TLSv1, <=TLSv1.3
# Legacy syntax:
smtpd_tls_protocols = !SSLv2, !SSLv3
.fi
.ad
@ -12845,7 +12959,7 @@ bug work\-arounds to disable.
If the value of the parameter is a hexadecimal long integer starting
with "0x", the bug work\-arounds corresponding to the bits specified in
its value are removed from the \fBSSL_OP_ALL\fR work\-around bit\-mask
(see openssl/ssl.h and SSL_CTX_\fBset_options\fR(3)). You can specify more
(see openssl/ssl.h and \fBSSL_CTX_set_options\fR(3)). You can specify more
bits than are present in SSL_OP_ALL, excess bits are ignored. Specifying
0xFFFFFFFF disables all bug\-workarounds on a 32\-bit system. This should
also be sufficient on 64\-bit systems, until OpenSSL abandons support
@ -12863,17 +12977,17 @@ OpenSSL 1.0.0.
.br
.IP "\fBDONT_INSERT_EMPTY_FRAGMENTS\fR"
See
SSL_CTX_\fBset_options\fR(3)
\fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBLEGACY_SERVER_CONNECT\fR"
See SSL_CTX_\fBset_options\fR(3)
See \fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBMICROSOFT_BIG_SSLV3_BUFFER\fR"
See
SSL_CTX_\fBset_options\fR(3)
\fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBMICROSOFT_SESS_ID_BUG\fR"
See SSL_CTX_\fBset_options\fR(3)
See \fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBMSIE_SSLV2_RSA_PADDING\fR"
also aliased as
@ -12882,7 +12996,7 @@ default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.7h and OpenSSL 0.9.8a.
.br
.IP "\fBNETSCAPE_CHALLENGE_BUG\fR"
See SSL_CTX_\fBset_options\fR(3)
See \fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBNETSCAPE_REUSE_CIPHER_CHANGE_BUG\fR"
also aliased
@ -12892,25 +13006,25 @@ OpenSSL 0.9.8q and OpenSSL 1.0.0c.
.br
.IP "\fBSSLEAY_080_CLIENT_DH_BUG\fR"
See
SSL_CTX_\fBset_options\fR(3)
\fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBSSLREF2_REUSE_CERT_TYPE_BUG\fR"
See
SSL_CTX_\fBset_options\fR(3)
\fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBTLS_BLOCK_PADDING_BUG\fR"
See SSL_CTX_\fBset_options\fR(3)
See \fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBTLS_D5_BUG\fR"
See SSL_CTX_\fBset_options\fR(3)
See \fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBTLS_ROLLBACK_BUG\fR"
See SSL_CTX_\fBset_options\fR(3).
See \fBSSL_CTX_set_options\fR(3).
This is disabled in OpenSSL 0.9.7 and later. Nobody should still
be using 0.9.6!
.br
.IP "\fBTLSEXT_PADDING\fR"
Postfix >= 3.4. See SSL_CTX_\fBset_options\fR(3).
Postfix >= 3.4. See \fBSSL_CTX_set_options\fR(3).
.br
.br
.PP
@ -13291,7 +13405,7 @@ solution.
.PP
If the value of the parameter is a hexadecimal long integer
starting with "0x", the options corresponding to the bits specified
in its value are enabled (see openssl/ssl.h and SSL_CTX_\fBset_options\fR(3)).
in its value are enabled (see openssl/ssl.h and \fBSSL_CTX_set_options\fR(3)).
You can only enable options not already controlled by other Postfix
settings. For example, you cannot disable protocols or enable
server cipher preference. Do not attempt to turn all features by
@ -13301,16 +13415,16 @@ if/when they're no longer enabled by default. The supported values
include:
.IP "\fBENABLE_MIDDLEBOX_COMPAT\fR"
Postfix >= 3.4. See
SSL_CTX_\fBset_options\fR(3).
\fBSSL_CTX_set_options\fR(3).
.br
.IP "\fBLEGACY_SERVER_CONNECT\fR"
See SSL_CTX_\fBset_options\fR(3).
See \fBSSL_CTX_set_options\fR(3).
.br
.IP "\fBNO_TICKET\fR"
Enabled by default when needed in
fully\-patched Postfix >= 2.7. Not needed at all for Postfix >=
2.11, unless for some reason you do not want to support TLS session
resumption. Best not set explicitly. See SSL_CTX_\fBset_options\fR(3).
resumption. Best not set explicitly. See \fBSSL_CTX_set_options\fR(3).
.br
.IP "\fBNO_COMPRESSION\fR"
Disable SSL compression even if
@ -13320,14 +13434,14 @@ and compression before encryption does not always improve security.
.IP "\fBNO_RENEGOTIATION\fR"
Postfix >= 3.4. This can
reduce opportunities for a potential CPU exhaustion attack. See
SSL_CTX_\fBset_options\fR(3).
\fBSSL_CTX_set_options\fR(3).
.br
.IP "\fBNO_SESSION_RESUMPTION_ON_RENEGOTIATION\fR"
Postfix
>= 3.4. See SSL_CTX_\fBset_options\fR(3).
>= 3.4. See \fBSSL_CTX_set_options\fR(3).
.br
.IP "\fBPRIORITIZE_CHACHA\fR"
Postfix >= 3.4. See SSL_CTX_\fBset_options\fR(3).
Postfix >= 3.4. See \fBSSL_CTX_set_options\fR(3).
.br
.br
.PP

12
postfix/man/man8/smtp.8
View File

@ -482,9 +482,9 @@ when TLS is not already enabled for that server.
Optional lookup tables with the Postfix SMTP client TLS security
policy by next\-hop destination; when a non\-empty value is specified,
this overrides the obsolete smtp_tls_per_site parameter.
.IP "\fBsmtp_tls_mandatory_protocols (!SSLv2, !SSLv3)\fR"
List of SSL/TLS protocols that the Postfix SMTP client will use with
mandatory TLS encryption.
.IP "\fBsmtp_tls_mandatory_protocols (see 'postconf -d' output)\fR"
TLS protocols that the Postfix SMTP client will use with mandatory
TLS encryption.
.IP "\fBsmtp_tls_scert_verifydepth (9)\fR"
The verification depth for remote SMTP server certificates.
.IP "\fBsmtp_tls_secure_cert_match (nexthop, dot\-nexthop)\fR"
@ -532,9 +532,9 @@ The message digest algorithm used to construct remote SMTP server
certificate fingerprints.
.PP
Available in Postfix version 2.6 and later:
.IP "\fBsmtp_tls_protocols (!SSLv2, !SSLv3)\fR"
List of TLS protocols that the Postfix SMTP client will exclude or
include with opportunistic TLS encryption.
.IP "\fBsmtp_tls_protocols (see postconf -d output)\fR"
TLS protocols that the Postfix SMTP client will use with
opportunistic TLS encryption.
.IP "\fBsmtp_tls_ciphers (medium)\fR"
The minimum TLS cipher grade that the Postfix SMTP client
will use with opportunistic TLS encryption.

12
postfix/man/man8/smtpd.8
View File

@ -439,9 +439,9 @@ use with mandatory TLS encryption.
.IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
Additional list of ciphers or cipher types to exclude from the
Postfix SMTP server cipher list at mandatory TLS security levels.
.IP "\fBsmtpd_tls_mandatory_protocols (!SSLv2, !SSLv3)\fR"
The SSL/TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption.
.IP "\fBsmtpd_tls_mandatory_protocols (see 'postconf -d' output)\fR"
TLS protocols accepted by the Postfix SMTP server with mandatory TLS
encryption.
.IP "\fBsmtpd_tls_received_header (no)\fR"
Request that the Postfix SMTP server produces Received: message
headers that include information about the protocol and cipher used,
@ -476,9 +476,9 @@ fingerprints or public key fingerprints (Postfix 2.9 and later) for
\fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR.
.PP
Available in Postfix version 2.6 and later:
.IP "\fBsmtpd_tls_protocols (!SSLv2, !SSLv3)\fR"
List of TLS protocols that the Postfix SMTP server will exclude
or include with opportunistic TLS encryption.
.IP "\fBsmtpd_tls_protocols (see postconf -d output)\fR"
TLS protocols accepted by the Postfix SMTP server with opportunistic
TLS encryption.
.IP "\fBsmtpd_tls_ciphers (medium)\fR"
The minimum TLS cipher grade that the Postfix SMTP server
will use with opportunistic TLS encryption.

2
postfix/mantools/postconf2man
View File

@ -88,7 +88,7 @@ while(<>) {
$block =~ s/\s+\n/\n/g;
$block =~ s/^\n//g;
$block =~ s/\s*<\s*nroffescape\s+([^ >]+)\s*>\s*/\n\1\n/g;
$block =~ s/([a-z][_a-zA-Z0-9-]*)(\([0-9]\))/\\fB\1\\fR\2/g;
$block =~ s/([A-Za-z][_a-zA-Z0-9-]*)(\([0-9]\))/\\fB\1\\fR\2/g;
print $block;
$wantpp = !($block =~ /^\.(SH|IP)/);
}

47
postfix/proto/TLS_README.html
View File

@ -179,10 +179,10 @@ configurations will not accidentally enable TLS without certificates. </p>
<p> Note that server certificates are <b>not</b> optional in TLS 1.3. To
run without certificates you'd have to disable the TLS 1.3 protocol by
including '!TLSv1.3' in "smtpd_tls_protocols" and perhaps also
"smtpd_tls_mandatory_protocols". It is simpler instead to just
configure a certificate chain. Certificate-less operation is not
recommended. <p>
including "&lt;=TLSv1.2" (or, for Postfix &lt; 3.6, "!TLSv1.3") in
"smtpd_tls_protocols" and perhaps also "smtpd_tls_mandatory_protocols".
It is simpler instead to just configure a certificate chain.
Certificate-less operation is not recommended. <p>
<p> RSA, DSA and ECDSA (Postfix &ge; 2.6) certificates are supported.
Most sites only have RSA certificates. You can configure all three
@ -891,7 +891,7 @@ after the middle of 2015; older releases only disable SSLv2 for
mandatory TLS. The mandatory TLS protocol list is specified via the
smtpd_tls_mandatory_protocols configuration parameter. The
smtpd_tls_protocols parameter (Postfix &ge; 2.6)
controls the SSL/TLS protocols used with opportunistic TLS. </p>
controls the TLS protocols used with opportunistic TLS. </p>
<p> Note that the OpenSSL library only supports protocol exclusion
(not inclusion). For this reason, Postfix can exclude only protocols
@ -909,8 +909,8 @@ that TLSv1.3 be explicitly disabled. Therefore, they are not
recommended, it is better and simpler to just configure a suitable
certificate. </p>
<p> Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3,
with high grade ciphers: </p>
<p> Example, MSA that requires TLSv1.2 or higher, with high grade
ciphers: </p>
<blockquote>
<pre>
@ -920,10 +920,10 @@ with high grade ciphers: </p>
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_security_level = encrypt
# Preferred syntax with Postfix &ge; 2.5:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Preferred syntax with Postfix &ge; 3.6:
smtpd_tls_mandatory_protocols = &gt;=TLSv1.2
# Legacy syntax:
smtpd_tls_mandatory_protocols = TLSv1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>
</blockquote>
@ -1263,9 +1263,10 @@ just in case the transport table entries are not specified consistently. </p>
submission 587/tcp msa # mail message submission
/etc/postfix/tls_policy:
[example.net]:587 encrypt protocols=TLSv1 ciphers=high
[example.net]:msa encrypt protocols=TLSv1 ciphers=high
[example.net]:submission encrypt protocols=TLSv1 ciphers=high
# Postfix &ge; 3.6 "protocols" syntax
[example.net]:587 encrypt protocols=&gt;=TLSv1.2 ciphers=high
# Legacy "protocols" syntax
[example.net]:msa encrypt protocols=!SSLv2:!SSLv3 ciphers=high
</pre>
</blockquote>
@ -2398,8 +2399,10 @@ Example:
[thumb.example.org] fingerprint
match=b6:b4:72:34:e2:59:cd:fb:...:0d:4d:cc:2c:7d:84:de:e6:2f
match=51:e9:af:2e:1e:40:1f:de:...:35:2d:09:16:31:5a:eb:82:76
# Postfix 2.6 and later
example.info may protocols=!SSLv2 ciphers=medium exclude=3DES
# Postfix &ge; 3.6 "protocols" syntax
example.info may protocols=&gt;=TLSv1 ciphers=medium exclude=3DES
# Legacy protocols syntax
example.info may protocols=!SSLv2:!SSLv3 ciphers=medium exclude=3DES
</pre>
</blockquote>
@ -2494,7 +2497,7 @@ SMTP client will by default disable SSLv2 and SSLv3. The mandatory
TLS protocol list is specified via the
smtp_tls_mandatory_protocols configuration parameter. The corresponding
smtp_tls_protocols parameter (Postfix &ge; 2.6) controls
the SSL/TLS protocols used with opportunistic TLS. </p>
the TLS protocols used with opportunistic TLS. </p>
<p> Example: </p>
@ -2504,13 +2507,13 @@ the SSL/TLS protocols used with opportunistic TLS. </p>
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = RC4, MD5
smtp_tls_exclude_ciphers = aNULL
# Preferred form with Postfix &ge; 2.5:
smtp_tls_mandatory_protocols = !SSLv2
# Legacy form for Postfix &lt; 2.5:
smtp_tls_mandatory_protocols = SSLv3, TLSv1
# Also available with Postfix &ge; 2.6:
smtp_tls_ciphers = medium
smtp_tls_protocols = !SSLv2
# Preferred form with Postfix &ge; 3.6:
smtp_tls_mandatory_protocols = &gt;=TLSv1.2
smtp_tls_protocols = &gt;=TLSv1
# Legacy form for Postfix &lt; 3.6:
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2,!SSLv3
</pre>
</blockquote>

413
postfix/proto/postconf.proto
View File

@ -11299,74 +11299,92 @@ configurations in environments where DNS security is not assured. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM smtp_tls_mandatory_protocols !SSLv2, !SSLv3
%PARAM smtp_tls_mandatory_protocols see "postconf -d" output
<p> List of SSL/TLS protocols that the Postfix SMTP client will use with
mandatory TLS encryption. In main.cf the values are separated by
whitespace, commas or colons. In the policy table "protocols" attribute
(see smtp_tls_policy_maps) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names, (see
<b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3" and "TLSv1". The
default value is "!SSLv2, !SSLv3" for Postfix releases after the
middle of 2015, "!SSLv2" for older releases. </p>
<p> TLS protocols that the Postfix SMTP client will use with mandatory
TLS encryption. In main.cf the values are separated by whitespace,
commas or colons. In the policy table "protocols" attribute (see
smtp_tls_policy_maps) the only valid separator is colon. An empty value
means allow all protocols. </p>
<p> With Postfix &ge; 2.5 the parameter syntax was expanded to support
protocol exclusions. One can explicitly exclude "SSLv2" by setting
"smtp_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and
"SSLv3" set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the underlying OpenSSL interface semantics.
</p>
<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is "&gt;=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below. </p>
<p> The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
higher version implicitly disables all versions above that higher version.
Thus, for example (assuming the OpenSSL library supports both SSLv2
and SSLv3):
</p>
<p> As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set a lowest acceptable TLS protocol version
and/or a highest acceptable TLS protocol version. To set the lower
bound include an element of the form: "&gt;=<i>version</i>" where
<i>version</i> is a either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "&lt;=<i>version</i>". There must be no whitespace between
the "&gt;=" or "&lt;=" symbols and the protocol name or number. </p>
<p> Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version. </p>
<p>Hexadecimal example (Postfix &ge; 3.6):</p>
<blockquote>
<pre>
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
smtp_tls_mandatory_protocols = &gt;=TLSv1.2, &lt;=0305
# Allow only TLS 1.2 and up:
smtp_tls_mandatory_protocols = &gt;=0x0303
</pre>
</blockquote>
<p> also disables any protocols version higher than TLSv1 leaving
only "SSLv3" enabled. </p>
<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". When Postfix &le; 2.5 is linked against OpenSSL 1.0.1
or later, these, or any other new protocol versions, cannot be
disabled except by also disabling "TLSv1" (typically leaving just
"SSLv3"). The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2". </p>
<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "smtp_tls_mandatory_protocols = !SSLv2,
!SSLv3". Listing the protocols to include, rather than protocols to
exclude, is supported, but not recommended. The exclusion syntax more
accurately matches the underlying OpenSSL interface. </p>
<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
this can be disabled, if need be, via "!TLSv1.3". </p>
<p> When using the exclusion syntax, take care to ensure that the range
of protocols supported by the Postfix SMTP client is contiguous. When
a protocol version is enabled, disabling any higher version implicitly
disables all versions above that higher version. Thus, for example: </p>
<p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
<a href="TLS_README.html#client_tls_dane">dane-only</a> security
levels, when usable TLSA records are obtained for the remote SMTP
server, the Postfix SMTP client is obligated to include the SNI TLS
extension in its SSL client hello message. This may help the remote
SMTP server live up to its promise to provide a certificate that
matches its TLSA records. Since TLS extensions require TLS 1.0 or
later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when
SNI is required. If you use "dane" or "dane-only" do not disable
TLSv1, except perhaps via the policy table for destinations which
you are sure will support "TLSv1.1" or "TLSv1.2". </p>
<blockquote>
<pre>
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1.1
</pre>
</blockquote>
<p> also disables any protocols version higher than TLSv1.1 leaving
only "TLSv1" enabled. </p>
<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> While the vast majority of SMTP servers with DANE TLSA records now
support at least TLS 1.2, a few still only support TLS 1.0. If you use
"dane" or "dane-only" it is best to not disable TLSv1, except perhaps
via the policy table for destinations which you are sure will support
"TLSv1.2". </p>
<p> See the documentation of the smtp_tls_policy_maps parameter and
TLS_README for more information about security levels. </p>
<p> Example: </p>
<pre>
# Preferred syntax with Postfix &ge; 2.5:
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
# Preferred syntax with Postfix &ge; 3.6:
smtp_tls_mandatory_protocols = &gt;=TLSv1.2, &lt;=TLSv1.3
# Legacy syntax:
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -11495,7 +11513,7 @@ configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM lmtp_tls_mandatory_protocols !SSLv2, !SSLv3
%PARAM lmtp_tls_mandatory_protocols see postconf -d output
<p> The LMTP-specific version of the smtp_tls_mandatory_protocols
configuration parameter. See there for details. </p>
@ -11516,43 +11534,69 @@ configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM smtpd_tls_mandatory_protocols !SSLv2, !SSLv3
%PARAM smtpd_tls_mandatory_protocols see "postconf -d" output
<p> The SSL/TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption. If the list is empty, the server supports
all available SSL/TLS protocol versions. A non-empty value is a
list of protocol names separated by whitespace, commas or colons.
The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and
are not case sensitive. The default value is "!SSLv2, !SSLv3" for
Postfix releases after the middle of 2015, "!SSLv2" for older
releases. </p>
<p> TLS protocols accepted by the Postfix SMTP server with mandatory TLS
encryption. If the list is empty, the server supports all available TLS
protocol versions. A non-empty value is a list of protocol names to
include or exclude, separated by whitespace, commas or colons. </p>
<p> With Postfix &ge; 2.5 the parameter syntax was expanded to support
protocol exclusions. One can explicitly exclude "SSLv2" by setting
"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and
"SSLv3" set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the underlying OpenSSL interface semantics. </p>
<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is "&gt;=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below. </p>
<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". When Postfix &le; 2.5 is linked against OpenSSL 1.0.1
or later, these, or any other new protocol versions, cannot be
disabled. The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>
<p> As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set the lowest acceptable TLS protocol
version and/or the highest acceptable TLS protocol version. To set the
lower bound include an element of the form: "&gt;=<i>version</i>" where
<i>version</i> is a either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "&lt;=<i>version</i>". There must be no whitespace between
the "&gt;=" or "&lt;=" symbols and the protocol name or number. </p>
<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
this can be disabled, if need be, via "!TLSv1.3". </p>
<p> Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version. </p>
<p>Hexadecimal example (Postfix &ge; 3.6):</p>
<blockquote>
<pre>
# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
smtpd_tls_mandatory_protocols = &gt;=TLSv1.2, &lt;=0305
# Allow only TLS 1.2 and up:
smtpd_tls_mandatory_protocols = &gt;=0x0303
</pre>
</blockquote>
<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "smtpd_tls_mandatory_protocols =
!SSLv2, !SSLv3". Listing the protocols to include, rather than
protocols to exclude, is supported, but not recommended. The exclusion
form more accurately matches the underlying OpenSSL interface. </p>
<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> Example: </p>
<pre>
# Preferred syntax with Postfix &ge; 2.5:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Preferred syntax with Postfix &ge; 3.6:
smtpd_tls_mandatory_protocols = &gt;=TLSv1.2, &lt;=TLSv1.3
# Legacy syntax:
smtpd_tls_mandatory_protocols = TLSv1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -11674,12 +11718,13 @@ smtp_tls_security_level = none
<pre>
# Opportunistic TLS.
smtp_tls_security_level = may
# Postfix &ge; 2.6:
# Do not tweak opportunistic ciphers or protocol unless it is essential
# to do so (if a security vulnerability is found in the SSL library that
# can be mitigated by disabling a particular protocol or raising the
# cipher grade from "export" to "low" or "medium").
smtp_tls_ciphers = export
# cipher grade).
smtp_tls_ciphers = medium
smtp_tls_protocols = &gt;=TLSv1
# Legacy (Postfix &lt; 3.6) syntax:
smtp_tls_protocols = !SSLv2, !SSLv3
</pre>
@ -11690,33 +11735,27 @@ smtp_tls_mandatory_ciphers = high
</pre>
<pre>
# Mandatory TLS verification of hostname or nexthop domain.
smtp_tls_security_level = verify
smtp_tls_mandatory_ciphers = high
smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
</pre>
<pre>
# Secure channel TLS with exact nexthop name match.
# Authenticated TLS 1.2 or better matching the nexthop domain or a
# subdomain.
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
smtp_tls_mandatory_protocols = &gt;=TLSv1.2
smtp_tls_secure_cert_match = nexthop, dot-nexthop
</pre>
<pre>
# Certificate fingerprint verification (Postfix &ge; 2.5).
# The CA-less "fingerprint" security level only scales to a limited
# number of destinations. As a global default rather than a per-site
# setting, this is practical when mail for all recipients is sent
# setting, this is practical only when mail for all recipients is sent
# to a central mail hub.
relayhost = [mailhub.example.com]
smtp_tls_security_level = fingerprint
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = &gt;=TLSv1.2
smtp_tls_mandatory_ciphers = high
smtp_tls_fingerprint_cert_match =
3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
3D:95:34:51:...:40:99:C0:C1
EC:3B:2D:B0:...:A3:9D:72:F6
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -12640,95 +12679,153 @@ the hostname and IP address. The logging format is "host[address]:port".
<p> This feature is available in Postfix 2.5 and later. </p>
%PARAM smtp_tls_protocols !SSLv2, !SSLv3
%PARAM smtp_tls_protocols see postconf -d output
<p> List of TLS protocols that the Postfix SMTP client will exclude or
include with opportunistic TLS encryption. The default value is
"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
"!SSLv2" for older releases. Before Postfix 2.6, the Postfix SMTP
client would use all protocols with opportunistic TLS. </p>
<p> TLS protocols that the Postfix SMTP client will use with
opportunistic TLS encryption. In main.cf the values are separated by
whitespace, commas or colons. In the policy table "protocols" attribute
(see smtp_tls_policy_maps) the only valid separator is colon. An empty
value means allow all protocols. </p>
<p> In main.cf the values are separated by whitespace, commas or
colons. In the policy table (see smtp_tls_policy_maps) the only valid
separator is colon. An empty value means allow all protocols. The valid
protocol names, (see <b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3"
and "TLSv1". </p>
<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is "&gt;=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below. </p>
<p> The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
higher version implicitly disables all versions above that higher version.
Thus, for example (assuming the OpenSSL library supports both SSLv2
and SSLv3):
<p> As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set the lowest acceptable TLS protocol
version and/or the highest acceptable TLS protocol version. To set the
lower bound include an element of the form: "&gt;=<i>version</i>" where
<i>version</i> is a either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "&lt;=<i>version</i>". There must be no whitespace between
the "&gt;=" or "&lt;=" symbols and the protocol name or number. </p>
<p> Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version. </p>
<p>Hexadecimal example (Postfix &ge; 3.6):</p>
<blockquote>
<pre>
# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
smtp_tls_protocols = &gt;=TLSv1, &lt;=0305
# Allow only TLS 1.0 and up:
smtp_tls_protocols = &gt;=0x0301
</pre>
</blockquote>
<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "smtp_tls_protocols = !SSLv2, !SSLv3".
Listing the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more accurately
matches the underlying OpenSSL interface. </p>
<p> When using the exclusion syntax, take care to ensure that the range of
protocols advertised by an SSL/TLS client is contiguous. When a protocol
version is enabled, disabling any higher version implicitly disables all
versions above that higher version. Thus, for example:
</p>
<blockquote>
<pre>
smtp_tls_protocols = !SSLv2, !TLSv1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1.1
</pre>
</blockquote>
<p> also disables any protocols version higher than TLSv1 leaving
only "SSLv3" enabled. </p>
<p> also disables any protocols version higher than TLSv1.1 leaving
only "TLSv1" enabled. </p>
<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2"</p>
<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
this can be disabled, if need be, via "!TLSv1.3". </p>
<p> To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended. The exclusion form more closely matches the underlying
OpenSSL interface semantics. </p>
<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> Example: </p>
<pre>
# TLSv1 or better:
# Preferred syntax with Postfix &ge; 3.6:
smtp_tls_protocols = &gt;=TLSv1, &lt;=TLSv1.3
# Legacy syntax:
smtp_tls_protocols = !SSLv2, !SSLv3
</pre>
<p> This feature is available in Postfix 2.6 and later. </p>
%PARAM smtpd_tls_protocols !SSLv2, !SSLv3
%PARAM smtpd_tls_protocols see postconf -d output
<p> List of TLS protocols that the Postfix SMTP server will exclude
or include with opportunistic TLS encryption. The default value is
"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
empty for older releases allowing all protocols to be
used with opportunistic TLS. A non-empty value is a list of protocol
names separated by whitespace, commas or colons. The supported
protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case
sensitive. </p>
<p> TLS protocols accepted by the Postfix SMTP server with opportunistic
TLS encryption. If the list is empty, the server supports all available
TLS protocol versions. A non-empty value is a list of protocol names to
include or exclude, separated by whitespace, commas or colons. </p>
<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>
<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
Postfix 3.6, the default value is "&gt;=TLSv1", which sets TLS 1.0 as
the lowest supported TLS protocol version (see below). Older releases
use the "!" exclusion syntax, also described below. </p>
<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
this can be disabled, if need be, via "!TLSv1.3". </p>
<p> As of Postfix 3.6, the preferred way to limit the range of
acceptable protocols is to set the lowest acceptable TLS protocol
version and/or the highest acceptable TLS protocol version. To set the
lower bound include an element of the form: "&gt;=<i>version</i>" where
<i>version</i> is a either one of the TLS protocol names listed above,
or a hexadecimal number corresponding to the desired TLS protocol
version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
bound, use "&lt;=<i>version</i>". There must be no whitespace between
the "&gt;=" or "&lt;=" symbols and the protocol name or number. </p>
<p> To include a protocol list its name, to exclude it, prefix the name
with a "!" character. To exclude SSLv2 for opportunistic TLS set
"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended. The exclusion form more closely matches the underlying
OpenSSL interface semantics. </p>
<p> Hexadecimal protocol numbers make it possible to specify protocol
bounds for TLS versions that are known to OpenSSL, but might not be
known to Postfix. They cannot be used with the legacy exclusion syntax.
Leading "0" or "0x" prefixes are supported, but not required.
Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
upper or lower bound, and a warning will be logged. Hexadecimal
versions should only be used when Postfix is linked with some future
version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
yet support a symbolic name for that protocol version. </p>
<p>Hexadecimal example (Postfix &ge; 3.6):</p>
<blockquote>
<pre>
# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
# in some future version of OpenSSL (presently a warning is logged).
smtpd_tls_protocols = &gt;=TLSv1, &lt;=0305
# Allow only TLS 1.0 and up:
smtpd_tls_protocols = &gt;=0x0301
</pre>
</blockquote>
<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
version, and the protocol range is configured via protocol exclusions.
To require at least TLS 1.0, set "smtpd_tls_protocols = !SSLv2, !SSLv3".
Listing the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more accurately
matches the underlying OpenSSL interface. </p>
<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> Example: </p>
<pre>
# Preferred syntax with Postfix &ge; 3.6:
smtpd_tls_protocols = &gt;=TLSv1, &lt;=TLSv1.3
# Legacy syntax:
smtpd_tls_protocols = !SSLv2, !SSLv3
</pre>
<p> This feature is available in Postfix 2.6 and later. </p>
%PARAM lmtp_tls_protocols !SSLv2, !SSLv3
%PARAM lmtp_tls_protocols see postconf -d output
<p> The LMTP-specific version of the smtp_tls_protocols configuration
parameter. See there for details. </p>
@ -12874,7 +12971,7 @@ EC algorithms have not been disabled by the vendor. </p>
<p> The Postfix SMTP server security grade for ephemeral elliptic-curve
Diffie-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of
this parameter is always ignored, and Postfix behaves as though th
this parameter is always ignored, and Postfix behaves as though the
<b>auto</b> value (described below) was chosen.
</p>

12
postfix/src/global/mail_params.h
View File

@ -1336,11 +1336,11 @@ extern char *var_smtpd_tls_CAfile;
extern char *var_smtpd_tls_CApath;
#define VAR_SMTPD_TLS_PROTO "smtpd_tls_protocols"
#define DEF_SMTPD_TLS_PROTO "!SSLv2, !SSLv3"
#define DEF_SMTPD_TLS_PROTO ">=TLSv1"
extern char *var_smtpd_tls_proto;
#define VAR_SMTPD_TLS_MAND_PROTO "smtpd_tls_mandatory_protocols"
#define DEF_SMTPD_TLS_MAND_PROTO "!SSLv2, !SSLv3"
#define DEF_SMTPD_TLS_MAND_PROTO ">=TLSv1"
extern char *var_smtpd_tls_mand_proto;
#define VAR_SMTPD_TLS_CIPH "smtpd_tls_ciphers"
@ -1571,15 +1571,15 @@ extern int var_lmtp_tls_scache_timeout;
extern char *var_smtp_tls_policy;
#define VAR_SMTP_TLS_PROTO "smtp_tls_protocols"
#define DEF_SMTP_TLS_PROTO "!SSLv2, !SSLv3"
#define DEF_SMTP_TLS_PROTO ">=TLSv1"
#define VAR_LMTP_TLS_PROTO "lmtp_tls_protocols"
#define DEF_LMTP_TLS_PROTO "!SSLv2, !SSLv3"
#define DEF_LMTP_TLS_PROTO ">=TLSv1"
extern char *var_smtp_tls_proto;
#define VAR_SMTP_TLS_MAND_PROTO "smtp_tls_mandatory_protocols"
#define DEF_SMTP_TLS_MAND_PROTO "!SSLv2, !SSLv3"
#define DEF_SMTP_TLS_MAND_PROTO ">=TLSv1"
#define VAR_LMTP_TLS_MAND_PROTO "lmtp_tls_mandatory_protocols"
#define DEF_LMTP_TLS_MAND_PROTO "!SSLv2, !SSLv3"
#define DEF_LMTP_TLS_MAND_PROTO ">=TLSv1"
extern char *var_smtp_tls_mand_proto;
#define VAR_SMTP_TLS_VFY_CMATCH "smtp_tls_verify_cert_match"

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20200720"
#define MAIL_RELEASE_DATE "20200725"
#define MAIL_VERSION_NUMBER "3.6"
#ifdef SNAPSHOT

6
postfix/src/posttls-finger/posttls-finger.c
View File

@ -224,8 +224,8 @@
/* parameter \fIname\fR with \fIvalue\fR. Possible use-cases include
/* overriding the values of TLS library parameters, or "myhostname" to
/* configure the SMTP EHLO name sent to the remote server.
/* .IP "\fB-p \fIprotocols\fR (default: !SSLv2)"
/* List of TLS protocols that posttls-finger will exclude or include. See
/* .IP "\fB-p \fIprotocols\fR (default: >=TLSv1)"
/* TLS protocols that posttls-finger will exclude or include. See
/* smtp_tls_mandatory_protocols for details.
/* .IP "\fB-P \fICApath/\fR (default: none)"
/* The OpenSSL CApath/ directory (indexed via c_rehash(1)) for remote
@ -1806,7 +1806,7 @@ static void parse_options(STATE *state, int argc, char *argv[])
state->max_reconnect = 5;
state->wrapper_mode = 0;
#ifdef USE_TLS
state->protocols = mystrdup("!SSLv2");
state->protocols = mystrdup(">=TLSv1");
state->grade = mystrdup("medium");
#endif
memset((void *) &state->options, 0, sizeof(state->options));

12
postfix/src/smtp/smtp.c
View File

@ -448,9 +448,9 @@
/* Optional lookup tables with the Postfix SMTP client TLS security
/* policy by next-hop destination; when a non-empty value is specified,
/* this overrides the obsolete smtp_tls_per_site parameter.
/* .IP "\fBsmtp_tls_mandatory_protocols (!SSLv2, !SSLv3)\fR"
/* List of SSL/TLS protocols that the Postfix SMTP client will use with
/* mandatory TLS encryption.
/* .IP "\fBsmtp_tls_mandatory_protocols (see 'postconf -d' output)\fR"
/* TLS protocols that the Postfix SMTP client will use with mandatory
/* TLS encryption.
/* .IP "\fBsmtp_tls_scert_verifydepth (9)\fR"
/* The verification depth for remote SMTP server certificates.
/* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR"
@ -498,9 +498,9 @@
/* certificate fingerprints.
/* .PP
/* Available in Postfix version 2.6 and later:
/* .IP "\fBsmtp_tls_protocols (!SSLv2, !SSLv3)\fR"
/* List of TLS protocols that the Postfix SMTP client will exclude or
/* include with opportunistic TLS encryption.
/* .IP "\fBsmtp_tls_protocols (see postconf -d output)\fR"
/* TLS protocols that the Postfix SMTP client will use with
/* opportunistic TLS encryption.
/* .IP "\fBsmtp_tls_ciphers (medium)\fR"
/* The minimum TLS cipher grade that the Postfix SMTP client
/* will use with opportunistic TLS encryption.

12
postfix/src/smtpd/smtpd.c
View File

@ -405,9 +405,9 @@
/* .IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
/* Additional list of ciphers or cipher types to exclude from the
/* Postfix SMTP server cipher list at mandatory TLS security levels.
/* .IP "\fBsmtpd_tls_mandatory_protocols (!SSLv2, !SSLv3)\fR"
/* The SSL/TLS protocols accepted by the Postfix SMTP server with
/* mandatory TLS encryption.
/* .IP "\fBsmtpd_tls_mandatory_protocols (see 'postconf -d' output)\fR"
/* TLS protocols accepted by the Postfix SMTP server with mandatory TLS
/* encryption.
/* .IP "\fBsmtpd_tls_received_header (no)\fR"
/* Request that the Postfix SMTP server produces Received: message
/* headers that include information about the protocol and cipher used,
@ -442,9 +442,9 @@
/* \fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR.
/* .PP
/* Available in Postfix version 2.6 and later:
/* .IP "\fBsmtpd_tls_protocols (!SSLv2, !SSLv3)\fR"
/* List of TLS protocols that the Postfix SMTP server will exclude
/* or include with opportunistic TLS encryption.
/* .IP "\fBsmtpd_tls_protocols (see postconf -d output)\fR"
/* TLS protocols accepted by the Postfix SMTP server with opportunistic
/* TLS encryption.
/* .IP "\fBsmtpd_tls_ciphers (medium)\fR"
/* The minimum TLS cipher grade that the Postfix SMTP server
/* will use with opportunistic TLS encryption.

4
postfix/src/tls/tls.h
View File

@ -385,7 +385,7 @@ extern void tls_param_init(void);
#define TLS_SSL_OP_MANAGED_BITS \
(SSL_OP_CIPHER_SERVER_PREFERENCE | TLS_SSL_OP_PROTOMASK(~0))
extern int tls_protocol_mask(const char *);
extern int tls_proto_mask_lims(const char *, int *, int *);
/*
* Cipher grade selection.
@ -631,7 +631,7 @@ extern char *tls_digest_encode(const unsigned char *, int);
extern char *tls_cert_fprint(X509 *, const char *);
extern char *tls_pkey_fprint(X509 *, const char *);
extern char *tls_serverid_digest(TLS_SESS_STATE *,
const TLS_CLIENT_START_PROPS *, long, const char *);
const TLS_CLIENT_START_PROPS *, const char *);
/*
* tls_certkey.c

18
postfix/src/tls/tls_client.c
View File

@ -865,6 +865,8 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
{
int sts;
int protomask;
int min_proto;
int max_proto;
const char *cipher_list;
SSL_SESSION *session = 0;
TLS_SESS_STATE *TLScontext;
@ -888,7 +890,7 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
* Per-session protocol restrictions must be applied to the SSL connection,
* as restrictions in the global context cannot be cleared.
*/
protomask = tls_protocol_mask(props->protocols);
protomask = tls_proto_mask_lims(props->protocols, &min_proto, &max_proto);
if (protomask == TLS_PROTOCOL_INVALID) {
/* tls_protocol_mask() logs no warning. */
msg_warn("%s: Invalid TLS protocol list \"%s\": aborting TLS session",
@ -956,12 +958,24 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
tls_free_context(TLScontext);
return (0);
}
#define CARP_VERSION(which) do { \
if (which##_proto != 0) \
msg_warn("%s: error setting %simum TLS version to: 0x%04x", \
TLScontext->namaddr, #which, which##_proto); \
else \
msg_warn("%s: error clearing %simum TLS version", \
TLScontext->namaddr, #which); \
} while (0)
/*
* Apply session protocol restrictions.
*/
if (protomask != 0)
SSL_set_options(TLScontext->con, TLS_SSL_OP_PROTOMASK(protomask));
if (!SSL_set_min_proto_version(TLScontext->con, min_proto))
CARP_VERSION(min);
if (!SSL_set_max_proto_version(TLScontext->con, max_proto))
CARP_VERSION(max);
/*
* When applicable, configure DNS-based or synthetic (fingerprint or
@ -1038,7 +1052,7 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
* parameters and append it to the serverid.
*/
TLScontext->serverid =
tls_serverid_digest(TLScontext, props, protomask, cipher_list);
tls_serverid_digest(TLScontext, props, cipher_list);
/*
* When authenticating the peer, use 80-bit plus OpenSSL security level

7
postfix/src/tls/tls_fprint.c
View File

@ -6,10 +6,9 @@
/* SYNOPSIS
/* #include <tls.h>
/*
/* char *tls_serverid_digest(TLScontext, props, protomask, ciphers)
/* char *tls_serverid_digest(TLScontext, props, ciphers)
/* TLS_SESS_STATE *TLScontext;
/* const TLS_CLIENT_START_PROPS *props;
/* long protomask;
/* const char *ciphers;
/*
/* char *tls_digest_encode(md_buf, md_len)
@ -187,7 +186,7 @@ static int tls_digest_tlsa(EVP_MD_CTX *mdctx, TLS_TLSA *tlsa)
char *tls_serverid_digest(TLS_SESS_STATE *TLScontext,
const TLS_CLIENT_START_PROPS *props,
long protomask, const char *ciphers)
const char *ciphers)
{
EVP_MD_CTX *mdctx;
const EVP_MD *md;
@ -219,7 +218,7 @@ char *tls_serverid_digest(TLS_SESS_STATE *TLScontext,
checkok(EVP_DigestInit_ex(mdctx, md, NULL));
digest_string(props->helo ? props->helo : "");
digest_object(&sslversion);
digest_object(&protomask);
digest_string(props->protocols);
digest_string(ciphers);
/*

62
postfix/src/tls/tls_misc.c
View File

@ -69,8 +69,10 @@
/*
/* void tls_param_init()
/*
/* int tls_protocol_mask(plist)
/* int tls_proto_mask_lims(plist, floor, ceiling)
/* const char *plist;
/* int *floor;
/* int *ceiling;
/*
/* int tls_cipher_grade(name)
/* const char *name;
@ -157,10 +159,12 @@
/* entering a chroot jail. The "role" parameter must be TLS_ROLE_CLIENT
/* for clients and TLS_ROLE_SERVER for servers. Any errors are fatal.
/*
/* tls_protocol_mask() returns a bitmask of excluded protocols, given
/* a list (plist) of protocols to include or (preceded by a '!') exclude.
/* If "plist" contains invalid protocol names, TLS_PROTOCOL_INVALID is
/* returned and no warning is logged.
/* tls_proto_mask_lims() returns a bitmask of excluded protocols, and
/* and the protocol version floor/ceiling, given a list (plist) of
/* protocols to include or (preceded by a '!') exclude, or constraints
/* of the form '>=name', '<=name', '>=hexvalue', '<=hexvalue'. If "plist"
/* contains invalid protocol names, TLS_PROTOCOL_INVALID is returned and
/* no warning is logged.
/*
/* tls_cipher_grade() converts a case-insensitive cipher grade
/* name (high, medium, low, export, null) to the corresponding
@ -315,6 +319,19 @@ static const NAME_CODE protocol_table[] = {
0, TLS_PROTOCOL_INVALID,
};
/*
* Protocol name => numeric version, for MinProtocol and MaxProtocol
*/
static const NAME_CODE tls_version_table[] = {
"None", 0,
SSL_TXT_SSLV3, SSL3_VERSION,
SSL_TXT_TLSV1, TLS1_VERSION,
SSL_TXT_TLSV1_1, TLS1_1_VERSION,
SSL_TXT_TLSV1_2, TLS1_2_VERSION,
TLS_PROTOCOL_TXT_TLSV1_3, TLS1_3_VERSION,
0, -1,
};
/*
* SSL_OP_MUMBLE bug work-around name <=> mask conversion.
*/
@ -551,9 +568,32 @@ void tls_update_app_logmask(TLS_APPL_STATE *app_ctx, int log_mask)
app_ctx->log_mask = log_mask;
}
/* tls_protocol_mask - Bitmask of protocols to exclude */
/* parse_version - parse TLS protocol version name or hex number */
int tls_protocol_mask(const char *plist)
static int parse_tls_version(const char *tok, int *version)
{
int code = name_code(tls_version_table, NAME_CODE_FLAG_NONE, tok);
char *_end;
unsigned long ulval;
if (code != -1) {
*version = code;
return (0);
}
errno = 0;
ulval = strtoul(tok, &_end, 16);
if (*_end != 0
|| (ulval == ULONG_MAX && errno == ERANGE)
|| ulval > INT_MAX)
return TLS_PROTOCOL_INVALID;
*version = (int) ulval;
return (0);
}
/* tls_proto_mask_lims - protocols to exclude and floor/ceiling */
int tls_proto_mask_lims(const char *plist, int *floor, int *ceiling)
{
char *save;
char *tok;
@ -567,9 +607,15 @@ int tls_protocol_mask(const char *plist)
return (res); \
} while (0)
*floor = *ceiling = 0;
save = cp = mystrdup(plist);
while ((tok = mystrtok(&cp, CHARS_COMMA_SP ":")) != 0) {
if (*tok == '!')
if (strncmp(tok, ">=", 2) == 0)
code = parse_tls_version(tok + 2, floor);
else if (strncmp(tok, "<=", 2) == 0)
code = parse_tls_version(tok + 2, ceiling);
else if (*tok == '!')
exclude |= code =
name_code(protocol_table, NAME_CODE_FLAG_NONE, ++tok);
else

8
postfix/src/tls/tls_server.c
View File

@ -342,6 +342,8 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
int scache_timeout;
int ticketable = 0;
int protomask;
int min_proto;
int max_proto;
TLS_APPL_STATE *app_ctx;
int log_mask;
@ -366,7 +368,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
/*
* First validate the protocols. If these are invalid, we can't continue.
*/
protomask = tls_protocol_mask(props->protocols);
protomask = tls_proto_mask_lims(props->protocols, &min_proto, &max_proto);
if (protomask == TLS_PROTOCOL_INVALID) {
/* tls_protocol_mask() logs no warning. */
msg_warn("Invalid TLS protocol list \"%s\": disabling TLS support",
@ -514,6 +516,10 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
*/
if (protomask != 0)
SSL_CTX_set_options(server_ctx, TLS_SSL_OP_PROTOMASK(protomask));
SSL_CTX_set_min_proto_version(server_ctx, min_proto);
SSL_CTX_set_max_proto_version(server_ctx, max_proto);
SSL_CTX_set_min_proto_version(sni_ctx, min_proto);
SSL_CTX_set_max_proto_version(sni_ctx, max_proto);
/*
* Some sites may want to give the client less rope. On the other hand,