jeboehm/docker-mailserver

[Request] enable TLSv1.3 explicitly to prevent default in some cases

Closed this issue · 1 comments

In addition to #208 since I forgot to add TLSv1.3

Postfix (mta)

https://github.com/jeboehm/docker-mailserver/blob/main/mta/Dockerfile#L60-L63

# enable tls 1.3 & 1.2 (TLSv1.3, TLSv1.2)
# disable tls 1.1 & 1.0 (!TLSv1.1, !TLSv1)
# disable ssl 3 & 2 (!SSLv3, !SSLv2)

smtpd_tls_mandatory_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv3, !SSLv2
smtpd_tls_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv3, !SSLv2
smtp_tls_mandatory_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv3, !SSLv2
smtp_tls_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv3, !SSLv2
  • Added TLSv1.3, TLSv1.2 to every line, as otherwise it just takes the default and disables the ones selected for disabling
  • default is: TLSv1, TLSv1_1 & TLSv1_2

For better structure I would recommend an order like the one above, HIGHEST -> LOWEST; it would make it easier to maintain.

Sorry for the inconvenience
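An added example, not part of the issue or of the project's code: a small audit that computes which protocols a Postfix protocol list leaves enabled and flags legacy ones. It assumes Postfix's include/exclude list semantics (bare names select protocols, `!` names remove them, and a list with no bare names starts from everything the TLS library knows); the `KNOWN` set and the function names are hypothetical.

```python
import re

# Assumption: protocol names known to the TLS library; the real set depends
# on the Postfix/OpenSSL build inside the image.
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
PARAMS = ("smtpd_tls_mandatory_protocols", "smtpd_tls_protocols",
          "smtp_tls_mandatory_protocols", "smtp_tls_protocols")

def effective_protocols(value):
    """Return the protocols left enabled by an include/exclude list."""
    tokens = [t for t in re.split(r"[,\s:]+", value.strip()) if t]
    include = {t for t in tokens if not t.startswith("!")}
    exclude = {t[1:] for t in tokens if t.startswith("!")}
    unknown = (include | exclude) - set(KNOWN)
    if unknown:
        raise ValueError(f"unknown protocol name(s): {sorted(unknown)}")
    # No explicit inclusions: start from every known protocol.
    base = include if include else set(KNOWN)
    return [p for p in KNOWN if p in base and p not in exclude]

def audit(main_cf_text):
    """Map each TLS protocol parameter to (enabled, legacy_still_enabled)."""
    report = {}
    for line in main_cf_text.splitlines():
        # main.cf comments are whole lines starting with '#'.
        if line.lstrip().startswith("#") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name in PARAMS:
            enabled = effective_protocols(value)
            report[name] = (enabled, [p for p in enabled if p in LEGACY])
    return report

# Constructed sample: the first setting is deliberately weak, the other two
# use the value proposed in the issue.
SAMPLE_MAIN_CF = """\
smtpd_tls_protocols = !SSLv3, !SSLv2
smtpd_tls_mandatory_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv3, !SSLv2
smtp_tls_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv3, !SSLv2
"""

if __name__ == "__main__":
    for name, (enabled, legacy) in audit(SAMPLE_MAIN_CF).items():
        status = "LEGACY ENABLED: " + ", ".join(legacy) if legacy else "ok"
        print(f"{name}: {', '.join(enabled)} [{status}]")
```
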

Thank you @MartinHotmann!
This will be solved in #241