From 63decacea3ca52e710d7d9db94afad3929e74e81 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Mon, 23 Apr 2012 00:00:00 -0500 Subject: [PATCH] postfix-2.10-20120423 --- postfix/README_FILES/TLS_README | 10 ++++++---- postfix/html/TLS_README.html | 10 ++++++---- postfix/html/postconf.5.html | 5 +++-- postfix/man/man5/postconf.5 | 5 +++-- postfix/proto/TLS_README.html | 10 ++++++---- postfix/proto/postconf.proto | 5 +++-- postfix/src/global/mail_version.h | 2 +- 7 files changed, 28 insertions(+), 19 deletions(-) diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index aa2e38859..1bf1d3076 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README @@ -509,9 +509,10 @@ Example, MSA that requires TLSv1, not SSLv2 or SSLv3, with high grade ciphers: smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 smtpd_tls_security_level = encrypt - smtpd_tls_mandatory_protocols = TLSv1 - # Preferred interface with Postfix >= 2.5: + # Preferred form with Postfix >= 2.5: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 + # Alternative form. + smtpd_tls_mandatory_protocols = TLSv1 If you want to take advantage of ciphers with ephemeral Diffie-Hellman (EDH) key exchange (this offers "forward-secrecy"), DH parameters are needed. Instead @@ -1427,9 +1428,10 @@ Example: smtp_tls_mandatory_ciphers = medium smtp_tls_mandatory_exclude_ciphers = RC4, MD5 smtp_tls_exclude_ciphers = aNULL - smtp_tls_mandatory_protocols = SSLv3, TLSv1 - # Also available with Postfix >= 2.5: + # Preferred form with Postfix >= 2.5: smtp_tls_mandatory_protocols = !SSLv2 + # Alternative form. + smtp_tls_mandatory_protocols = SSLv3, TLSv1 # Also available with Postfix >= 2.6: smtp_tls_ciphers = export smtp_tls_protocols = !SSLv2 diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index 99a756d70..51299360d 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -733,9 +733,10 @@ ciphers:

smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 smtpd_tls_security_level = encrypt - smtpd_tls_mandatory_protocols = TLSv1 - # Preferred interface with Postfix ≥ 2.5: + # Preferred form with Postfix ≥ 2.5: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 + # Alternative form. + smtpd_tls_mandatory_protocols = TLSv1 @@ -1903,9 +1904,10 @@ the SSL/TLS protocols used with opportunistic TLS.

smtp_tls_mandatory_ciphers = medium smtp_tls_mandatory_exclude_ciphers = RC4, MD5 smtp_tls_exclude_ciphers = aNULL - smtp_tls_mandatory_protocols = SSLv3, TLSv1 - # Also available with Postfix ≥ 2.5: + # Preferred form with Postfix ≥ 2.5: smtp_tls_mandatory_protocols = !SSLv2 + # Alternative form. + smtp_tls_mandatory_protocols = SSLv3, TLSv1 # Also available with Postfix ≥ 2.6: smtp_tls_ciphers = export smtp_tls_protocols = !SSLv2 diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 637e19d1d..92f10ffea 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -11094,9 +11094,10 @@ and higher.

Example: 

-smtp_tls_mandatory_protocols = TLSv1
-# Alternative form with Postfix ≥ 2.5:
+# Preferred form with Postfix ≥ 2.5:
 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+# Alternative form.
+smtp_tls_mandatory_protocols = TLSv1

This feature is available in Postfix 2.3 and later.

diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 6d3a60ea6..0087dffc6 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -6693,9 +6693,10 @@ Example: .nf .na .ft C -smtp_tls_mandatory_protocols = TLSv1 -# Alternative form with Postfix >= 2.5: +# Preferred form with Postfix >= 2.5: smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 +# Alternative form. +smtp_tls_mandatory_protocols = TLSv1 .fi .ad .ft R diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index 5f872d41d..063321020 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -733,9 +733,10 @@ ciphers:

smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 smtpd_tls_security_level = encrypt - smtpd_tls_mandatory_protocols = TLSv1 - # Preferred interface with Postfix ≥ 2.5: + # Preferred form with Postfix ≥ 2.5: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 + # Alternative form. + smtpd_tls_mandatory_protocols = TLSv1 @@ -1903,9 +1904,10 @@ the SSL/TLS protocols used with opportunistic TLS.

smtp_tls_mandatory_ciphers = medium smtp_tls_mandatory_exclude_ciphers = RC4, MD5 smtp_tls_exclude_ciphers = aNULL - smtp_tls_mandatory_protocols = SSLv3, TLSv1 - # Also available with Postfix ≥ 2.5: + # Preferred form with Postfix ≥ 2.5: smtp_tls_mandatory_protocols = !SSLv2 + # Alternative form. + smtp_tls_mandatory_protocols = SSLv3, TLSv1 # Also available with Postfix ≥ 2.6: smtp_tls_ciphers = export smtp_tls_protocols = !SSLv2 diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index df7dfc72f..b24622e01 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -10510,9 +10510,10 @@ TLS_README for more information about security levels.

Example: 

-smtp_tls_mandatory_protocols = TLSv1
-# Alternative form with Postfix ≥ 2.5:
+# Preferred form with Postfix ≥ 2.5:
 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+# Alternative form.
+smtp_tls_mandatory_protocols = TLSv1

This feature is available in Postfix 2.3 and later.

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 3041dc9fd..60d100f97 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20120422" +#define MAIL_RELEASE_DATE "20120423" #define MAIL_VERSION_NUMBER "2.10" #ifdef SNAPSHOT