Final cleanups of the peername matching code. File:
tls/tls_client.c.
+
+202000725
+
+ Documentation of how to set the minimum and maximum allowed
+ TLS protocol versions (these override system-wide OpenSSL
+ configuration), some related code cleanups including better
+ warning messages. Viktor Dukhovni. Files: proto/TLS_README.html,
+ proto/postconf.proto, global/mail_params.h,
+ posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_client.c,
+ tls/tls_fprint.c, tls/tls_misc.c, tls/tls_server.c.
+
+ The Postfix TLS library did not override the system-wide
+ OpenSSL configuration of allowed TLS protocol versions, for
+ sessions where the remote SMTP client sends SNI. File:
+ tls/tls_server.c.
certificates.
Note that server certificates are n\bno\bot\bt optional in TLS 1.3. To run without
-certificates you'd have to disable the TLS 1.3 protocol by including '!TLSv1.3'
-in "smtpd_tls_protocols" and perhaps also "smtpd_tls_mandatory_protocols". It
-is simpler instead to just configure a certificate chain. Certificate-less
-operation is not recommended.
+certificates you'd have to disable the TLS 1.3 protocol by including
+"<=TLSv1.2" (or, for Postfix < 3.6, "!TLSv1.3") in "smtpd_tls_protocols" and
+perhaps also "smtpd_tls_mandatory_protocols". It is simpler instead to just
+configure a certificate chain. Certificate-less operation is not recommended.
RSA, DSA and ECDSA (Postfix >= 2.6) certificates are supported. Most sites only
have RSA certificates. You can configure all three at the same time, in which
default disables SSLv2 and SSLv3 with Postfix releases after the middle of
2015; older releases only disable SSLv2 for mandatory TLS. The mandatory TLS
protocol list is specified via the smtpd_tls_mandatory_protocols configuration
-parameter. The smtpd_tls_protocols parameter (Postfix >= 2.6) controls the SSL/
-TLS protocols used with opportunistic TLS.
+parameter. The smtpd_tls_protocols parameter (Postfix >= 2.6) controls the TLS
+protocols used with opportunistic TLS.
Note that the OpenSSL library only supports protocol exclusion (not inclusion).
For this reason, Postfix can exclude only protocols that are known at the time
be explicitly disabled. Therefore, they are not recommended, it is better and
simpler to just configure a suitable certificate.
-Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3, with high grade
-ciphers:
+Example, MSA that requires TLSv1.2 or higher, with high grade ciphers:
/etc/postfix/main.cf:
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_security_level = encrypt
- # Preferred syntax with Postfix >= 2.5:
- smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+ # Preferred syntax with Postfix >= 3.6:
+ smtpd_tls_mandatory_protocols = >=TLSv1.2
# Legacy syntax:
- smtpd_tls_mandatory_protocols = TLSv1
+ smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
With Postfix >= 3.4, specify instead a single file that holds the key followed
by the corresponding certificate and any associated issuing certificates,
submission
/etc/postfix/tls_policy:
- [example.net]:587 encrypt protocols=TLSv1 ciphers=high
- [example.net]:msa encrypt protocols=TLSv1 ciphers=high
- [example.net]:submission encrypt protocols=TLSv1 ciphers=high
+ # Postfix >= 3.6 "protocols" syntax
+ [example.net]:587 encrypt protocols=>=TLSv1.2 ciphers=high
+ # Legacy "protocols" syntax
+ [example.net]:msa encrypt protocols=!SSLv2:!SSLv3 ciphers=high
D\bDA\bAN\bNE\bE T\bTL\bLS\bS a\bau\but\bth\bhe\ben\bnt\bti\bic\bca\bat\bti\bio\bon\bn.\b.
[thumb.example.org] fingerprint
match=b6:b4:72:34:e2:59:cd:fb:...:0d:4d:cc:2c:7d:84:de:e6:2f
match=51:e9:af:2e:1e:40:1f:de:...:35:2d:09:16:31:5a:eb:82:76
- # Postfix 2.6 and later
- example.info may protocols=!SSLv2 ciphers=medium
+ # Postfix >= 3.6 "protocols" syntax
+ example.info may protocols=>=TLSv1 ciphers=medium
+ exclude=3DES
+ # Legacy protocols syntax
+ example.info may protocols=!SSLv2:!SSLv3 ciphers=medium
exclude=3DES
N\bNo\bot\bte\be:\b: The "hostname" strategy if listed in a non-default setting of
With mandatory and opportunistic TLS encryption, the Postfix SMTP client will
by default disable SSLv2 and SSLv3. The mandatory TLS protocol list is
specified via the smtp_tls_mandatory_protocols configuration parameter. The
-corresponding smtp_tls_protocols parameter (Postfix >= 2.6) controls the SSL/
-TLS protocols used with opportunistic TLS.
+corresponding smtp_tls_protocols parameter (Postfix >= 2.6) controls the TLS
+protocols used with opportunistic TLS.
Example:
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = RC4, MD5
smtp_tls_exclude_ciphers = aNULL
- # Preferred form with Postfix >= 2.5:
- smtp_tls_mandatory_protocols = !SSLv2
- # Legacy form for Postfix < 2.5:
- smtp_tls_mandatory_protocols = SSLv3, TLSv1
- # Also available with Postfix >= 2.6:
smtp_tls_ciphers = medium
- smtp_tls_protocols = !SSLv2
+ # Preferred form with Postfix >= 3.6:
+ smtp_tls_mandatory_protocols = >=TLSv1.2
+ smtp_tls_protocols = >=TLSv1
+ # Legacy form for Postfix < 3.6:
+ smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+ smtp_tls_protocols = !SSLv2,!SSLv3
C\bCl\bli\bie\ben\bnt\bt-\b-s\bsi\bid\bde\be S\bSM\bMT\bTP\bPS\bS s\bsu\bup\bpp\bpo\bor\brt\bt
<p> Note that server certificates are <b>not</b> optional in TLS 1.3. To
run without certificates you'd have to disable the TLS 1.3 protocol by
-including '!TLSv1.3' in "<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>" and perhaps also
-"<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>". It is simpler instead to just
-configure a certificate chain. Certificate-less operation is not
-recommended. <p>
+including "<=TLSv1.2" (or, for Postfix < 3.6, "!TLSv1.3") in
+"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>" and perhaps also "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>".
+It is simpler instead to just configure a certificate chain.
+
Certificate-less operation is not recommended. <p>
<p> RSA, DSA and ECDSA (Postfix ≥ 2.6) certificates are supported.
Most sites only have RSA certificates. You can configure all three
mandatory TLS. The mandatory TLS protocol list is specified via the
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> configuration parameter. The
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> parameter (Postfix ≥ 2.6)
-controls the SSL/TLS protocols used with opportunistic TLS. </p>
+controls the TLS protocols used with opportunistic TLS. </p>
<p> Note that the OpenSSL library only supports protocol exclusion
(not inclusion). For this reason, Postfix can exclude only protocols
recommended, it is better and simpler to just configure a suitable
certificate. </p>
-<p> Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3,
-with high grade ciphers: </p>
+<p> Example, MSA that requires TLSv1.2 or higher, with high grade
+ciphers: </p>
<blockquote>
<pre>
<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> = high
<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL, MD5
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
- # Preferred syntax with Postfix ≥ 2.5:
- <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
+ # Preferred syntax with Postfix ≥ 3.6:
+ <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = >=TLSv1.2
# Legacy syntax:
- <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = TLSv1
+ <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>
</blockquote>
submission 587/tcp msa # mail message submission
/etc/postfix/tls_policy:
- [example.net]:587 encrypt protocols=TLSv1 ciphers=high
- [example.net]:msa encrypt protocols=TLSv1 ciphers=high
- [example.net]:submission encrypt protocols=TLSv1 ciphers=high
+ # Postfix ≥ 3.6 "protocols" syntax
+ [example.net]:587 encrypt protocols=>=TLSv1.2 ciphers=high
+ # Legacy "protocols" syntax
+ [example.net]:msa encrypt protocols=!SSLv2:!SSLv3 ciphers=high
</pre>
</blockquote>
[thumb.example.org] fingerprint
match=b6:b4:72:34:e2:59:cd:fb:...:0d:4d:cc:2c:7d:84:de:e6:2f
match=51:e9:af:2e:1e:40:1f:de:...:35:2d:09:16:31:5a:eb:82:76
- # Postfix 2.6 and later
- example.info may protocols=!SSLv2 ciphers=medium exclude=3DES
+ # Postfix ≥ 3.6 "protocols" syntax
+ example.info may protocols=>=TLSv1 ciphers=medium exclude=3DES
+ # Legacy protocols syntax
+ example.info may protocols=!SSLv2:!SSLv3 ciphers=medium exclude=3DES
</pre>
</blockquote>
TLS protocol list is specified via the
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> configuration parameter. The corresponding
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> parameter (Postfix ≥ 2.6) controls
-the SSL/TLS protocols used with opportunistic TLS. </p>
+the TLS protocols used with opportunistic TLS. </p>
<p> Example: </p>
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = medium
<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = RC4, MD5
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL
- # Preferred form with Postfix ≥ 2.5:
- <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2
- # Legacy form for Postfix < 2.5:
- <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = SSLv3, TLSv1
- # Also available with Postfix ≥ 2.6:
<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = medium
- <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2
+ # Preferred form with Postfix ≥ 3.6:
+ <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = >=TLSv1.2
+ <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = >=TLSv1
+ # Legacy form for Postfix < 3.6:
+ <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+ <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2,!SSLv3
</pre>
</blockquote>
policy by next-hop destination; when a non-empty value is speci-
fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
- <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (!SSLv2, !SSLv3)</b>
- List of SSL/TLS protocols that the Postfix SMTP client will use
- with mandatory TLS encryption.
+ <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
+ TLS protocols that the Postfix SMTP client will use with manda-
+ tory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
The verification depth for remote SMTP server certificates.
Available in Postfix version 2.6 and later:
- <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (!SSLv2, !SSLv3)</b>
- List of TLS protocols that the Postfix SMTP client will exclude
- or include with opportunistic TLS encryption.
+ <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see postconf -d output)</b>
+ TLS protocols that the Postfix SMTP client will use with oppor-
+ tunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP client will
</DD>
<DT><b><a name="lmtp_tls_mandatory_protocols">lmtp_tls_mandatory_protocols</a>
-(default: !SSLv2, !SSLv3)</b></DT><DD>
+(default: see postconf -d output)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
configuration parameter. See there for details. </p>
</DD>
<DT><b><a name="lmtp_tls_protocols">lmtp_tls_protocols</a>
-(default: !SSLv2, !SSLv3)</b></DT><DD>
+(default: see postconf -d output)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> configuration
parameter. See there for details. </p>
</DD>
<DT><b><a name="smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
-(default: !SSLv2, !SSLv3)</b></DT><DD>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> TLS protocols that the Postfix SMTP client will use with mandatory
+TLS encryption. In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace,
+commas or colons. In the policy table "protocols" attribute (see
+<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An empty value
+means allow all protocols. </p>
+
+<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below. </p>
+
+<p> As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set a lowest acceptable TLS protocol version
+and/or a highest acceptable TLS protocol version. To set the lower
+bound include an element of the form: ">=<i>version</i>" where
+<i>version</i> is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=<i>version</i>". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number. </p>
+
+<p> Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version. </p>
+
+<p>Hexadecimal example (Postfix ≥ 3.6):</p>
+<blockquote>
+<pre>
+# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = >=TLSv1.2, <=0305
+# Allow only TLS 1.2 and up:
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = >=0x0303
+</pre>
+</blockquote>
+
+<p> With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2,
+!SSLv3". Listing the protocols to include, rather than protocols to
+exclude, is supported, but not recommended. The exclusion syntax more
+accurately matches the underlying OpenSSL interface. </p>
+
+<p> When using the exclusion syntax, take care to ensure that the range
+of protocols supported by the Postfixm SMTP client is contiguous. When
+a protocol version is enabled, disabling any higher version implicitly
+disables all versions above that higher version. Thus, for example: </p>
-<p> List of SSL/TLS protocols that the Postfix SMTP client will use with
-mandatory TLS encryption. In <a href="postconf.5.html">main.cf</a> the values are separated by
-whitespace, commas or colons. In the policy table "protocols" attribute
-(see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An
-empty value means allow all protocols. The valid protocol names, (see
-<b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3" and "TLSv1". The
-default value is "!SSLv2, !SSLv3" for Postfix releases after the
-middle of 2015, "!SSLv2" for older releases. </p>
-
-<p> With Postfix ≥ 2.5 the parameter syntax was expanded to support
-protocol exclusions. One can explicitly exclude "SSLv2" by setting
-"<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2". To exclude both "SSLv2" and
-"SSLv3" set "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3". Listing
-the protocols to include, rather than protocols to exclude, is
-supported, but not recommended. The exclusion form more closely
-matches the underlying OpenSSL interface semantics.
-</p>
-
-<p> The range of protocols advertised by an SSL/TLS client must be
-contiguous. When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher version.
-Thus, for example (assuming the OpenSSL library supports both SSLv2
-and SSLv3):
-</p>
<blockquote>
<pre>
-<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !TLSv1
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1.1
</pre>
</blockquote>
-<p> also disables any protocols version higher than TLSv1 leaving
-only "SSLv3" enabled. </p>
-
-<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
-and "TLSv1.2". When Postfix ≤ 2.5 is linked against OpenSSL 1.0.1
-or later, these, or any other new protocol versions, cannot be
-disabled except by also disabling "TLSv1" (typically leaving just
-"SSLv3"). The latest patch levels of Postfix ≥ 2.6, and all
-versions of Postfix ≥ 2.10 can explicitly disable support for
-"TLSv1.1" or "TLSv1.2". </p>
-
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
-≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
-this can be disabled, if need be, via "!TLSv1.3". </p>
-
-<p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
-<a href="TLS_README.html#client_tls_dane">dane-only</a> security
-levels, when usable TLSA records are obtained for the remote SMTP
-server, the Postfix SMTP client is obligated to include the SNI TLS
-extension in its SSL client hello message. This may help the remote
-SMTP server live up to its promise to provide a certificate that
-matches its TLSA records. Since TLS extensions require TLS 1.0 or
-later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when
-SNI is required. If you use "dane" or "dane-only" do not disable
-TLSv1, except perhaps via the policy table for destinations which
-you are sure will support "TLSv1.1" or "TLSv1.2". </p>
+
+<p> also disables any protocols version higher than TLSv1.1 leaving
+only "TLSv1" enabled. </p>
+
+<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
+
+<p> While the vast majority of SMTP servers with DANE TLSA records now
+support at least TLS 1.2, a few still only support TLS 1.0. If you use
+"dane" or "dane-only" it is best to not disable TLSv1, except perhaps
+via the policy table for destinations which you are sure will support
+"TLSv1.2". </p>
<p> See the documentation of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> parameter and
<a href="TLS_README.html">TLS_README</a> for more information about security levels. </p>
<p> Example: </p>
-
<pre>
-# Preferred syntax with Postfix ≥ 2.5:
-<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
+# Preferred syntax with Postfix ≥ 3.6:
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = >=TLSv1.2, <=TLSv1.3
# Legacy syntax:
-<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_tls_protocols">smtp_tls_protocols</a>
-(default: !SSLv2, !SSLv3)</b></DT><DD>
-
-<p> List of TLS protocols that the Postfix SMTP client will exclude or
-include with opportunistic TLS encryption. The default value is
-"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
-"!SSLv2" for older releases. Before Postfix 2.6, the Postfix SMTP
-client would use all protocols with opportunistic TLS. </p>
-
-<p> In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace, commas or
-colons. In the policy table (see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid
-separator is colon. An empty value means allow all protocols. The valid
-protocol names, (see <b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3"
-and "TLSv1". </p>
-
-<p> The range of protocols advertised by an SSL/TLS client must be
-contiguous. When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher version.
-Thus, for example (assuming the OpenSSL library supports both SSLv2
-and SSLv3):
+(default: see postconf -d output)</b></DT><DD>
+
+<p> TLS protocols that the Postfix SMTP client will use with
+opportunistic TLS encryption. In <a href="postconf.5.html">main.cf</a> the values are separated by
+whitespace, commas or colons. In the policy table "protocols" attribute
+(see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An empty
+value means allow all protocols. </p>
+
+<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below. </p>
+
+<p> As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: ">=<i>version</i>" where
+<i>version</i> is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=<i>version</i>". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number. </p>
+
+<p> Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version. </p>
+
+<p>Hexadecimal example (Postfix ≥ 3.6):</p>
+<blockquote>
+<pre>
+# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = >=TLSv1, <=0305
+# Allow only TLS 1.0 and up:
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = >=0x0301
+</pre>
+</blockquote>
+
+<p> With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3".
+Listing the protocols to include, rather than protocols to exclude, is
+supported, but not recommended. The exclusion form more accurately
+matches the underlying OpenSSL interface. </p>
+
+<p> When using the exclusion syntax, take care to ensure that the range of
+protocols advertised by an SSL/TLS client is contiguous. When a protocol
+version is enabled, disabling any higher version implicitly disables all
+versions above that higher version. Thus, for example:
</p>
<blockquote>
<pre>
-<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !TLSv1
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3, !TLSv1.1
</pre>
</blockquote>
-<p> also disables any protocols version higher than TLSv1 leaving
-only "SSLv3" enabled. </p>
-
-<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
-and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all
-versions of Postfix ≥ 2.10 can explicitly disable support for
-"TLSv1.1" or "TLSv1.2"</p>
-
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
-≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
-this can be disabled, if need be, via "!TLSv1.3". </p>
-
-<p> To include a protocol list its name, to exclude it, prefix the name
-with a "!" character. To exclude SSLv2 for opportunistic TLS set
-"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
-"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
-include, rather than protocols to exclude, is supported, but not
-recommended. The exclusion form more closely matches the underlying
-OpenSSL interface semantics. </p>
+<p> also disables any protocols version higher than TLSv1.1 leaving
+only "TLSv1" enabled. </p>
+
+<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> Example: </p>
<pre>
-# TLSv1 or better:
+# Preferred syntax with Postfix ≥ 3.6:
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = >=TLSv1, <=TLSv1.3
+# Legacy syntax:
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
</pre>
<pre>
# Opportunistic TLS.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
-# Postfix ≥ 2.6:
# Do not tweak opportunistic ciphers or protocol unless it is essential
# to do so (if a security vulnerability is found in the SSL library that
# can be mitigated by disabling a particular protocol or raising the
-# cipher grade from "export" to "low" or "medium").
-<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export
+# cipher grade).
+<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = medium
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = >=TLSv1
+# Legacy (Postfix < 3.6) syntax:
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
</pre>
</pre>
<pre>
-# Mandatory TLS verification of hostname or nexthop domain.
-<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = verify
-<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
-<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> = hostname, nexthop, dot-nexthop
-</pre>
-
-<pre>
-# Secure channel TLS with exact nexthop name match.
+# Authenticated TLS 1.2 or better matching the nexthop domain or a
+# subdomain.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = secure
-<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
-<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = >=TLSv1.2
+<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop, dot-nexthop
</pre>
<pre>
# Certificate fingerprint verification (Postfix ≥ 2.5).
# The CA-less "fingerprint" security level only scales to a limited
# number of destinations. As a global default rather than a per-site
-# setting, this is practical when mail for all recipients is sent
+# setting, this is practical only when mail for all recipients is sent
# to a central mail hub.
<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
-<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = >=TLSv1.2
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
- 3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
- EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
+ 3D:95:34:51:...:40:99:C0:C1
+ EC:3B:2D:B0:...:A3:9D:72:F6
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
-(default: !SSLv2, !SSLv3)</b></DT><DD>
-
-<p> The SSL/TLS protocols accepted by the Postfix SMTP server with
-mandatory TLS encryption. If the list is empty, the server supports
-all available SSL/TLS protocol versions. A non-empty value is a
-list of protocol names separated by whitespace, commas or colons.
-The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and
-are not case sensitive. The default value is "!SSLv2, !SSLv3" for
-Postfix releases after the middle of 2015, "!SSLv2" for older
-releases. </p>
-
-<p> With Postfix ≥ 2.5 the parameter syntax was expanded to support
-protocol exclusions. One can explicitly exclude "SSLv2" by setting
-"<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2". To exclude both "SSLv2" and
-"SSLv3" set "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3". Listing
-the protocols to include, rather than protocols to exclude, is
-supported, but not recommended. The exclusion form more closely
-matches the underlying OpenSSL interface semantics. </p>
-
-<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
-and "TLSv1.2". When Postfix ≤ 2.5 is linked against OpenSSL 1.0.1
-or later, these, or any other new protocol versions, cannot be
-disabled. The latest patch levels of Postfix ≥ 2.6, and all
-versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or
-"TLSv1.2". </p>
-
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
-≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
-this can be disabled, if need be, via "!TLSv1.3". </p>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> TLS protocols accepted by the Postfix SMTP server with mandatory TLS
+encryption. If the list is empty, the server supports all available TLS
+protocol versions. A non-empty value is a list of protocol names to
+include or exclude, separated by whitespace, commas or colons. </p>
+
+<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below. </p>
+
+<p> As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: ">=<i>version</i>" where
+<i>version</i> is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=<i>version</i>". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number. </p>
+
+<p> Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version. </p>
+
+<p>Hexadecimal example (Postfix ≥ 3.6):</p>
+<blockquote>
+<pre>
+# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = >=TLSv1.2, <=0305
+# Allow only TLS 1.2 and up:
+<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = >=0x0303
+</pre>
+</blockquote>
+
+<p> With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> =
+!SSLv2, !SSLv3". Listing the protocols to include, rather than
+protocols to exclude, is supported, but not recommended. The exclusion
+form more accurately matches the underlying OpenSSL interface. </p>
+
+<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> Example: </p>
<pre>
-# Preferred syntax with Postfix ≥ 2.5:
-<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
+# Preferred syntax with Postfix ≥ 3.6:
+<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = >=TLSv1.2, <=TLSv1.3
# Legacy syntax:
-<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = TLSv1
+<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
-(default: !SSLv2, !SSLv3)</b></DT><DD>
-
-<p> List of TLS protocols that the Postfix SMTP server will exclude
-or include with opportunistic TLS encryption. The default value is
-"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
-empty for older releases allowing all protocols to be
-used with opportunistic TLS. A non-empty value is a list of protocol
-names separated by whitespace, commas or colons. The supported
-protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case
-sensitive. </p>
-
-<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
-and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all
-versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or
-"TLSv1.2". </p>
-
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
-≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
-this can be disabled, if need be, via "!TLSv1.3". </p>
-
-<p> To include a protocol list its name, to exclude it, prefix the name
-with a "!" character. To exclude SSLv2 for opportunistic TLS set
-"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
-"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
-include, rather than protocols to exclude, is supported, but not
-recommended. The exclusion form more closely matches the underlying
-OpenSSL interface semantics. </p>
+(default: see postconf -d output)</b></DT><DD>
+
+<p> TLS protocols accepted by the Postfix SMTP server with opportunistic
+TLS encryption. If the list is empty, the server supports all available
+TLS protocol versions. A non-empty value is a list of protocol names to
+include or exclude, separated by whitespace, commas or colons. </p>
+
+<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below. </p>
+
+<p> As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: ">=<i>version</i>" where
+<i>version</i> is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=<i>version</i>". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number. </p>
+
+<p> Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version. </p>
+
+<p>Hexadecimal example (Postfix ≥ 3.6):</p>
+<blockquote>
+<pre>
+# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = >=TLSv1, <=0305
+# Allow only TLS 1.0 and up:
+<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = >=0x0301
+</pre>
+</blockquote>
+
+<p> With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3".
+Listing the protocols to include, rather than protocols to exclude, is
+supported, but not recommended. The exclusion form more accurately
+matches the underlying OpenSSL interface. </p>
+
+<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> Example: </p>
<pre>
+# Preferred syntax with Postfix ≥ 3.6:
+<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = >=TLSv1, <=TLSv1.3
+# Legacy syntax:
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3
</pre>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<title> Postfix manual - posttls-finger(1) </title>
</head> <body> <pre>
-POSTTLS-FINGER(1) General Commands Manual POSTTLS-FINGER(1)
+POSTTLS-FINGER(1) POSTTLS-FINGER(1)
<b>NAME</b>
posttls-finger - Probe the TLS properties of an ESMTP or LMTP server.
ing the values of TLS library parameters, or "<a href="postconf.5.html#myhostname">myhostname</a>" to
configure the SMTP EHLO name sent to the remote server.
- <b>-p</b> <i>protocols</i> (default: !SSLv2)
- List of TLS protocols that posttls-finger will exclude or
-
include. See <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> for details.
+ <b>-p</b> <i>protocols</i> (default: >=TLSv1)
+ TLS protocols that posttls-finger will exclude or include. See
+ <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> for details.
<b>-P</b> <i>CApath/</i> (default: none)
The OpenSSL CApath/ directory (indexed via c_rehash(1)) for
reading the remote server's 220 banner.
<b>-T</b> <i>timeout</i> (default: <b>30</b>)
- The SMTP/LMTP command timeout for EHLO/LHLO, STARTTLS and QUIT.
+ The SMTP/LMTP command timeout for EHLO/LHLO, STARTTLS and QUIT.
- <b>-v</b> Enable verbose Postfix logging. Specify more than once to
+ <b>-v</b> Enable verbose Postfix logging. Specify more than once to
increase the level of verbose logging.
- <b>-w</b> Enable outgoing TLS wrapper mode, or SMTPS support. This is
- typically provided on port 465 by servers that are compatible
- with the ad-hoc SMTP in SSL protocol, rather than the standard
+ <b>-w</b> Enable outgoing TLS wrapper mode, or SMTPS support. This is
+ typically provided on port 465 by servers that are compatible
+ with the ad-hoc SMTP in SSL protocol, rather than the standard
STARTTLS protocol. The destination <i>domain</i>:<i>port</i> should of course
provide such a service.
- <b>-X</b> Enable <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> mode. This is an unsupported mode, for pro-
+ <b>-X</b> Enable <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> mode. This is an unsupported mode, for pro-
gram development only.
[<b>inet:</b>]<i>domain</i>[:<i>port</i>]
Connect via TCP to domain <i>domain</i>, port <i>port</i>. The default port is
- <b>smtp</b> (or 24 with LMTP). With SMTP an MX lookup is performed to
- resolve the domain to a host, unless the domain is enclosed in
- <b>[]</b>. If you want to connect to a specific MX host, for instance
- <i>mx1.example.com</i>, specify [<i>mx1.example.com</i>] as the destination
+ <b>smtp</b> (or 24 with LMTP). With SMTP an MX lookup is performed to
+ resolve the domain to a host, unless the domain is enclosed in
+ <b>[]</b>. If you want to connect to a specific MX host, for instance
+ <i>mx1.example.com</i>, specify [<i>mx1.example.com</i>] as the destination
and <i>example.com</i> as a <b>match</b> argument. When using DNS, the desti-
- nation domain is assumed fully qualified and no default domain
- or search suffixes are applied; you must use fully-qualified
- names or also enable <b>native</b> host lookups (these don't support
- <b>dane</b> or <b>dane-only</b> as no DNSSEC validation information is avail-
+ nation domain is assumed fully qualified and no <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a>
+ or search suffixes are applied; you must use fully-qualified
+ names or also enable <b>native</b> host lookups (these don't support
+ <b>dane</b> or <b>dane-only</b> as no DNSSEC validation information is avail-
able via <b>native</b> lookups).
<b>unix:</b><i>pathname</i>
<b>match ...</b>
With no match arguments specified, certificate peername matching
uses the compiled-in default strategies for each security level.
- If you specify one or more arguments, these will be used as the
- list of certificate or public-key digests to match for the <b>fin-</b>
+ If you specify one or more arguments, these will be used as the
+ list of certificate or public-key digests to match for the <b>fin-</b>
<b>gerprint</b> level, or as the list of DNS names to match in the cer-
tificate at the <b>verify</b> and <b>secure</b> levels. If the security level
is <b>dane</b>, or <b>dane-only</b> the match names are ignored, and <b>hostname,</b>
policy by next-hop destination; when a non-empty value is speci-
fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
- <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (!SSLv2, !SSLv3)</b>
- List of SSL/TLS protocols that the Postfix SMTP client will use
- with mandatory TLS encryption.
+ <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
+ TLS protocols that the Postfix SMTP client will use with manda-
+ tory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
The verification depth for remote SMTP server certificates.
Available in Postfix version 2.6 and later:
- <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (!SSLv2, !SSLv3)</b>
- List of TLS protocols that the Postfix SMTP client will exclude
- or include with opportunistic TLS encryption.
+ <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see postconf -d output)</b>
+ TLS protocols that the Postfix SMTP client will use with oppor-
+ tunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP client will
Postfix SMTP server cipher list at mandatory TLS security lev-
els.
- <b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (!SSLv2, !SSLv3)</b>
- The SSL/TLS protocols accepted by the Postfix SMTP server with
- mandatory TLS encryption.
+ <b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
+ TLS protocols accepted by the Postfix SMTP server with mandatory
+ TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
Request that the Postfix SMTP server produces Received: message
Available in Postfix version 2.6 and later:
- <b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (!SSLv2, !SSLv3)</b>
- List of TLS protocols that the Postfix SMTP server will exclude
- or include with opportunistic TLS encryption.
+ <b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (see postconf -d output)</b>
+ TLS protocols accepted by the Postfix SMTP server with oppor-
+ tunistic TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP server will
parameter \fIname\fR with \fIvalue\fR. Possible use\-cases include
overriding the values of TLS library parameters, or "myhostname" to
configure the SMTP EHLO name sent to the remote server.
-.IP "\fB\-p \fIprotocols\fR (default: !SSLv2)"
-List of TLS protocols that posttls\-finger will exclude or include. See
+.IP "\fB\-p \fIprotocols\fR (default: >=TLSv1)"
+TLS protocols that posttls\-finger will exclude or include. See
smtp_tls_mandatory_protocols for details.
.IP "\fB\-P \fICApath/\fR (default: none)"
The OpenSSL CApath/ directory (indexed via c_rehash(1)) for remote
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.3 and later.
-.SH lmtp_tls_mandatory_protocols (default: !SSLv2, !SSLv3)
+.SH lmtp_tls_mandatory_protocols (default: see postconf \-d output)
The LMTP\-specific version of the smtp_tls_mandatory_protocols
configuration parameter. See there for details.
.PP
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.3 and later.
-.SH lmtp_tls_protocols (default: !SSLv2, !SSLv3)
+.SH lmtp_tls_protocols (default: see postconf \-d output)
The LMTP\-specific version of the smtp_tls_protocols configuration
parameter. See there for details.
.PP
attribute. See smtp_tls_policy_maps for notes and examples.
.PP
This feature is available in Postfix 2.3 and later.
-.SH smtp_tls_mandatory_protocols (default: !SSLv2, !SSLv3)
-List of SSL/TLS protocols that the Postfix SMTP client will use with
-mandatory TLS encryption. In main.cf the values are separated by
-whitespace, commas or colons. In the policy table "protocols" attribute
-(see smtp_tls_policy_maps) the only valid separator is colon. An
-empty value means allow all protocols. The valid protocol names, (see
-\\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3" and "TLSv1". The
-default value is "!SSLv2, !SSLv3" for Postfix releases after the
-middle of 2015, "!SSLv2" for older releases.
-.PP
-With Postfix >= 2.5 the parameter syntax was expanded to support
-protocol exclusions. One can explicitly exclude "SSLv2" by setting
-"smtp_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and
-"SSLv3" set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
-the protocols to include, rather than protocols to exclude, is
-supported, but not recommended. The exclusion form more closely
-matches the underlying OpenSSL interface semantics.
-.PP
-The range of protocols advertised by an SSL/TLS client must be
-contiguous. When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher version.
-Thus, for example (assuming the OpenSSL library supports both SSLv2
-and SSLv3):
+.SH smtp_tls_mandatory_protocols (default: see "postconf \-d" output)
+TLS protocols that the Postfix SMTP client will use with mandatory
+TLS encryption. In main.cf the values are separated by whitespace,
+commas or colons. In the policy table "protocols" attribute (see
+smtp_tls_policy_maps) the only valid separator is colon. An empty value
+means allow all protocols.
+.PP
+The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below.
+.PP
+As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set a lowest acceptable TLS protocol version
+and/or a highest acceptable TLS protocol version. To set the lower
+bound include an element of the form: ">=\fIversion\fR" where
+\fIversion\fR is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=\fIversion\fR". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number.
+.PP
+Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version.
+.PP
+Hexadecimal example (Postfix >= 3.6):
+.sp
+.in +4
+.nf
+.na
+.ft C
+# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+smtp_tls_mandatory_protocols = >=TLSv1.2, <=0305
+# Allow only TLS 1.2 and up:
+smtp_tls_mandatory_protocols = >=0x0303
+.fi
+.ad
+.ft R
+.in -4
+.PP
+With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "smtp_tls_mandatory_protocols = !SSLv2,
+!SSLv3". Listing the protocols to include, rather than protocols to
+exclude, is supported, but not recommended. The exclusion syntax more
+accurately matches the underlying OpenSSL interface.
+.PP
+When using the exclusion syntax, take care to ensure that the range
+of protocols supported by the Postfixm SMTP client is contiguous. When
+a protocol version is enabled, disabling any higher version implicitly
+disables all versions above that higher version. Thus, for example:
.sp
.in +4
.nf
.na
.ft C
-smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1.1
.fi
.ad
.ft R
.in -4
-also disables any protocols version higher than TLSv1 leaving
-only "SSLv3" enabled.
-.PP
-Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
-and "TLSv1.2". When Postfix <= 2.5 is linked against OpenSSL 1.0.1
-or later, these, or any other new protocol versions, cannot be
-disabled except by also disabling "TLSv1" (typically leaving just
-"SSLv3"). The latest patch levels of Postfix >= 2.6, and all
-versions of Postfix >= 2.10 can explicitly disable support for
-"TLSv1.1" or "TLSv1.2".
-.PP
-OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
->= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
-this can be disabled, if need be, via "!TLSv1.3".
-.PP
-At the dane and
-dane\-only security
-levels, when usable TLSA records are obtained for the remote SMTP
-server, the Postfix SMTP client is obligated to include the SNI TLS
-extension in its SSL client hello message. This may help the remote
-SMTP server live up to its promise to provide a certificate that
-matches its TLSA records. Since TLS extensions require TLS 1.0 or
-later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when
-SNI is required. If you use "dane" or "dane\-only" do not disable
-TLSv1, except perhaps via the policy table for destinations which
-you are sure will support "TLSv1.1" or "TLSv1.2".
+.PP
+also disables any protocols version higher than TLSv1.1 leaving
+only "TLSv1" enabled.
+.PP
+Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2).
+.PP
+While the vast majority of SMTP servers with DANE TLSA records now
+support at least TLS 1.2, a few still only support TLS 1.0. If you use
+"dane" or "dane\-only" it is best to not disable TLSv1, except perhaps
+via the policy table for destinations which you are sure will support
+"TLSv1.2".
.PP
See the documentation of the smtp_tls_policy_maps parameter and
TLS_README for more information about security levels.
.PP
Example:
-.PP
.nf
.na
.ft C
-# Preferred syntax with Postfix >= 2.5:
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+# Preferred syntax with Postfix >= 3.6:
+smtp_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3
# Legacy syntax:
-smtp_tls_mandatory_protocols = TLSv1
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
.fi
.ad
.ft R
configurations in environments where DNS security is not assured.
.PP
This feature is available in Postfix 2.3 and later.
-.SH smtp_tls_protocols (default: !SSLv2, !SSLv3)
-List of TLS protocols that the Postfix SMTP client will exclude or
-include with opportunistic TLS encryption. The default value is
-"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
-"!SSLv2" for older releases. Before Postfix 2.6, the Postfix SMTP
-client would use all protocols with opportunistic TLS.
-.PP
-In main.cf the values are separated by whitespace, commas or
-colons. In the policy table (see smtp_tls_policy_maps) the only valid
-separator is colon. An empty value means allow all protocols. The valid
-protocol names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3"
-and "TLSv1".
-.PP
-The range of protocols advertised by an SSL/TLS client must be
-contiguous. When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher version.
-Thus, for example (assuming the OpenSSL library supports both SSLv2
-and SSLv3):
+.SH smtp_tls_protocols (default: see postconf \-d output)
+TLS protocols that the Postfix SMTP client will use with
+opportunistic TLS encryption. In main.cf the values are separated by
+whitespace, commas or colons. In the policy table "protocols" attribute
+(see smtp_tls_policy_maps) the only valid separator is colon. An empty
+value means allow all protocols.
+.PP
+The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below.
+.PP
+As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: ">=\fIversion\fR" where
+\fIversion\fR is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=\fIversion\fR". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number.
+.PP
+Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version.
+.PP
+Hexadecimal example (Postfix >= 3.6):
.sp
.in +4
.nf
.na
.ft C
-smtp_tls_protocols = !SSLv2, !TLSv1
+# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+smtp_tls_protocols = >=TLSv1, <=0305
+# Allow only TLS 1.0 and up:
+smtp_tls_protocols = >=0x0301
.fi
.ad
.ft R
.in -4
-also disables any protocols version higher than TLSv1 leaving
-only "SSLv3" enabled.
-.PP
-Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
-and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all
-versions of Postfix >= 2.10 can explicitly disable support for
-"TLSv1.1" or "TLSv1.2"
-.PP
-OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
->= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
-this can be disabled, if need be, via "!TLSv1.3".
-.PP
-To include a protocol list its name, to exclude it, prefix the name
-with a "!" character. To exclude SSLv2 for opportunistic TLS set
-"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
-"smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
-include, rather than protocols to exclude, is supported, but not
-recommended. The exclusion form more closely matches the underlying
-OpenSSL interface semantics.
+.PP
+With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "smtp_tls_protocols = !SSLv2, !SSLv3".
+Listing the protocols to include, rather than protocols to exclude, is
+supported, but not recommended. The exclusion form more accurately
+matches the underlying OpenSSL interface.
+.PP
+When using the exclusion syntax, take care to ensure that the range of
+protocols advertised by an SSL/TLS client is contiguous. When a protocol
+version is enabled, disabling any higher version implicitly disables all
+versions above that higher version. Thus, for example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1.1
+.fi
+.ad
+.ft R
+.in -4
+also disables any protocols version higher than TLSv1.1 leaving
+only "TLSv1" enabled.
+.PP
+Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2).
.PP
Example:
.nf
.na
.ft C
-# TLSv1 or better:
+# Preferred syntax with Postfix >= 3.6:
+smtp_tls_protocols = >=TLSv1, <=TLSv1.3
+# Legacy syntax:
smtp_tls_protocols = !SSLv2, !SSLv3
.fi
.ad
.ft C
# Opportunistic TLS.
smtp_tls_security_level = may
-# Postfix >= 2.6:
# Do not tweak opportunistic ciphers or protocol unless it is essential
# to do so (if a security vulnerability is found in the SSL library that
# can be mitigated by disabling a particular protocol or raising the
-# cipher grade from "export" to "low" or "medium").
-smtp_tls_ciphers = export
+# cipher grade).
+smtp_tls_ciphers = medium
+smtp_tls_protocols = >=TLSv1
+# Legacy (Postfix < 3.6) syntax:
smtp_tls_protocols = !SSLv2, !SSLv3
.fi
.ad
.nf
.na
.ft C
-# Mandatory TLS verification of hostname or nexthop domain.
-smtp_tls_security_level = verify
-smtp_tls_mandatory_ciphers = high
-smtp_tls_verify_cert_match = hostname, nexthop, dot\-nexthop
-.fi
-.ad
-.ft R
-.PP
-.nf
-.na
-.ft C
-# Secure channel TLS with exact nexthop name match.
+# Authenticated TLS 1.2 or better matching the nexthop domain or a
+# subdomain.
smtp_tls_security_level = secure
-smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
-smtp_tls_secure_cert_match = nexthop
+smtp_tls_mandatory_protocols = >=TLSv1.2
+smtp_tls_secure_cert_match = nexthop, dot\-nexthop
.fi
.ad
.ft R
# Certificate fingerprint verification (Postfix >= 2.5).
# The CA\-less "fingerprint" security level only scales to a limited
# number of destinations. As a global default rather than a per\-site
-# setting, this is practical when mail for all recipients is sent
+# setting, this is practical only when mail for all recipients is sent
# to a central mail hub.
relayhost = [mailhub.example.com]
smtp_tls_security_level = fingerprint
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtp_tls_mandatory_protocols = >=TLSv1.2
smtp_tls_mandatory_ciphers = high
smtp_tls_fingerprint_cert_match =
- 3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
- EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
+ 3D:95:34:51:...:40:99:C0:C1
+ EC:3B:2D:B0:...:A3:9D:72:F6
.fi
.ad
.ft R
(see there for syntax details).
.PP
This feature is available in Postfix 2.3 and later.
-.SH smtpd_tls_mandatory_protocols (default: !SSLv2, !SSLv3)
-The SSL/TLS protocols accepted by the Postfix SMTP server with
-mandatory TLS encryption. If the list is empty, the server supports
-all available SSL/TLS protocol versions. A non\-empty value is a
-list of protocol names separated by whitespace, commas or colons.
-The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and
-are not case sensitive. The default value is "!SSLv2, !SSLv3" for
-Postfix releases after the middle of 2015, "!SSLv2" for older
-releases.
+.SH smtpd_tls_mandatory_protocols (default: see "postconf \-d" output)
+TLS protocols accepted by the Postfix SMTP server with mandatory TLS
+encryption. If the list is empty, the server supports all available TLS
+protocol versions. A non\-empty value is a list of protocol names to
+include or exclude, separated by whitespace, commas or colons.
+.PP
+The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below.
+.PP
+As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: ">=\fIversion\fR" where
+\fIversion\fR is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=\fIversion\fR". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number.
+.PP
+Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version.
+.PP
+Hexadecimal example (Postfix >= 3.6):
+.sp
+.in +4
+.nf
+.na
+.ft C
+# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+smtpd_tls_mandatory_protocols = >=TLSv1.2, <=0305
+# Allow only TLS 1.2 and up:
+smtpd_tls_mandatory_protocols = >=0x0303
+.fi
+.ad
+.ft R
+.in -4
.PP
-With Postfix >= 2.5 the parameter syntax was expanded to support
-protocol exclusions. One can explicitly exclude "SSLv2" by setting
-"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and
-"SSLv3" set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
-the protocols to include, rather than protocols to exclude, is
-supported, but not recommended. The exclusion form more closely
-matches the underlying OpenSSL interface semantics.
-.PP
-Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
-and "TLSv1.2". When Postfix <= 2.5 is linked against OpenSSL 1.0.1
-or later, these, or any other new protocol versions, cannot be
-disabled. The latest patch levels of Postfix >= 2.6, and all
-versions of Postfix >= 2.10 can disable support for "TLSv1.1" or
-"TLSv1.2".
+With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "smtpd_tls_mandatory_protocols =
+!SSLv2, !SSLv3". Listing the protocols to include, rather than
+protocols to exclude, is supported, but not recommended. The exclusion
+form more accurately matches the underlying OpenSSL interface.
.PP
-OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
->= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
-this can be disabled, if need be, via "!TLSv1.3".
+Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2).
.PP
Example:
.PP
.nf
.na
.ft C
-# Preferred syntax with Postfix >= 2.5:
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+# Preferred syntax with Postfix >= 3.6:
+smtpd_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3
# Legacy syntax:
-smtpd_tls_mandatory_protocols = TLSv1
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
.fi
.ad
.ft R
.PP
This feature is available in Postfix 2.3 and later.
-.SH smtpd_tls_protocols (default: !SSLv2, !SSLv3)
-List of TLS protocols that the Postfix SMTP server will exclude
-or include with opportunistic TLS encryption. The default value is
-"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
-empty for older releases allowing all protocols to be
-used with opportunistic TLS. A non\-empty value is a list of protocol
-names separated by whitespace, commas or colons. The supported
-protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case
-sensitive.
-.PP
-Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
-and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all
-versions of Postfix >= 2.10 can disable support for "TLSv1.1" or
-"TLSv1.2".
+.SH smtpd_tls_protocols (default: see postconf \-d output)
+TLS protocols accepted by the Postfix SMTP server with opportunistic
+TLS encryption. If the list is empty, the server supports all available
+TLS protocol versions. A non\-empty value is a list of protocol names to
+include or exclude, separated by whitespace, commas or colons.
+.PP
+The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below.
+.PP
+As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: ">=\fIversion\fR" where
+\fIversion\fR is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=\fIversion\fR". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number.
+.PP
+Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version.
+.PP
+Hexadecimal example (Postfix >= 3.6):
+.sp
+.in +4
+.nf
+.na
+.ft C
+# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+smtpd_tls_protocols = >=TLSv1, <=0305
+# Allow only TLS 1.0 and up:
+smtpd_tls_protocols = >=0x0301
+.fi
+.ad
+.ft R
+.in -4
.PP
-OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
->= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
-this can be disabled, if need be, via "!TLSv1.3".
+With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "smtpd_tls_protocols = !SSLv2, !SSLv3".
+Listing the protocols to include, rather than protocols to exclude, is
+supported, but not recommended. The exclusion form more accurately
+matches the underlying OpenSSL interface.
.PP
-To include a protocol list its name, to exclude it, prefix the name
-with a "!" character. To exclude SSLv2 for opportunistic TLS set
-"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
-"smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
-include, rather than protocols to exclude, is supported, but not
-recommended. The exclusion form more closely matches the underlying
-OpenSSL interface semantics.
+Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2).
.PP
Example:
.nf
.na
.ft C
+# Preferred syntax with Postfix >= 3.6:
+smtpd_tls_protocols = >=TLSv1, <=TLSv1.3
+# Legacy syntax:
smtpd_tls_protocols = !SSLv2, !SSLv3
.fi
.ad
If the value of the parameter is a hexadecimal long integer starting
with "0x", the bug work\-arounds corresponding to the bits specified in
its value are removed from the \fBSSL_OP_ALL\fR work\-around bit\-mask
-(see openssl/ssl.h and SSL_CTX_\fBset_options\fR(3)). You can specify more
+(see openssl/ssl.h and \fBSSL_CTX_set_options\fR(3)). You can specify more
bits than are present in SSL_OP_ALL, excess bits are ignored. Specifying
0xFFFFFFFF disables all bug\-workarounds on a 32\-bit system. This should
also be sufficient on 64\-bit systems, until OpenSSL abandons support
.br
.IP "\fBDONT_INSERT_EMPTY_FRAGMENTS\fR"
See
-SSL_CTX_\fBset_options\fR(3)
+\fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBLEGACY_SERVER_CONNECT\fR"
-See SSL_CTX_\fBset_options\fR(3)
+See \fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBMICROSOFT_BIG_SSLV3_BUFFER\fR"
See
-SSL_CTX_\fBset_options\fR(3)
+\fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBMICROSOFT_SESS_ID_BUG\fR"
-See SSL_CTX_\fBset_options\fR(3)
+See \fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBMSIE_SSLV2_RSA_PADDING\fR"
also aliased as
OpenSSL 0.9.7h and OpenSSL 0.9.8a.
.br
.IP "\fBNETSCAPE_CHALLENGE_BUG\fR"
-See SSL_CTX_\fBset_options\fR(3)
+See \fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBNETSCAPE_REUSE_CIPHER_CHANGE_BUG\fR"
also aliased
.br
.IP "\fBSSLEAY_080_CLIENT_DH_BUG\fR"
See
-SSL_CTX_\fBset_options\fR(3)
+\fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBSSLREF2_REUSE_CERT_TYPE_BUG\fR"
See
-SSL_CTX_\fBset_options\fR(3)
+\fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBTLS_BLOCK_PADDING_BUG\fR"
-See SSL_CTX_\fBset_options\fR(3)
+See \fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBTLS_D5_BUG\fR"
-See SSL_CTX_\fBset_options\fR(3)
+See \fBSSL_CTX_set_options\fR(3)
.br
.IP "\fBTLS_ROLLBACK_BUG\fR"
-See SSL_CTX_\fBset_options\fR(3).
+See \fBSSL_CTX_set_options\fR(3).
This is disabled in OpenSSL 0.9.7 and later. Nobody should still
be using 0.9.6!
.br
.IP "\fBTLSEXT_PADDING\fR"
-Postfix >= 3.4. See SSL_CTX_\fBset_options\fR(3).
+Postfix >= 3.4. See \fBSSL_CTX_set_options\fR(3).
.br
.br
.PP
.PP
If the value of the parameter is a hexadecimal long integer
starting with "0x", the options corresponding to the bits specified
-in its value are enabled (see openssl/ssl.h and SSL_CTX_\fBset_options\fR(3)).
+in its value are enabled (see openssl/ssl.h and \fBSSL_CTX_set_options\fR(3)).
You can only enable options not already controlled by other Postfix
settings. For example, you cannot disable protocols or enable
server cipher preference. Do not attempt to turn all features by
include:
.IP "\fBENABLE_MIDDLEBOX_COMPAT\fR"
Postfix >= 3.4. See
-SSL_CTX_\fBset_options\fR(3).
+\fBSSL_CTX_set_options\fR(3).
.br
.IP "\fBLEGACY_SERVER_CONNECT\fR"
-See SSL_CTX_\fBset_options\fR(3).
+See \fBSSL_CTX_set_options\fR(3).
.br
.IP "\fBNO_TICKET\fR"
Enabled by default when needed in
fully\-patched Postfix >= 2.7. Not needed at all for Postfix >=
2.11, unless for some reason you do not want to support TLS session
-resumption. Best not set explicitly. See SSL_CTX_\fBset_options\fR(3).
+resumption. Best not set explicitly. See \fBSSL_CTX_set_options\fR(3).
.br
.IP "\fBNO_COMPRESSION\fR"
Disable SSL compression even if
.IP "\fBNO_RENEGOTIATION\fR"
Postfix >= 3.4. This can
reduce opportunities for a potential CPU exhaustion attack. See
-SSL_CTX_\fBset_options\fR(3).
+\fBSSL_CTX_set_options\fR(3).
.br
.IP "\fBNO_SESSION_RESUMPTION_ON_RENEGOTIATION\fR"
Postfix
->= 3.4. See SSL_CTX_\fBset_options\fR(3).
+>= 3.4. See \fBSSL_CTX_set_options\fR(3).
.br
.IP "\fBPRIORITIZE_CHACHA\fR"
-Postfix >= 3.4. See SSL_CTX_\fBset_options\fR(3).
+Postfix >= 3.4. See \fBSSL_CTX_set_options\fR(3).
.br
.br
.PP
Optional lookup tables with the Postfix SMTP client TLS security
policy by next\-hop destination; when a non\-empty value is specified,
this overrides the obsolete smtp_tls_per_site parameter.
-.IP "\fBsmtp_tls_mandatory_protocols (!SSLv2, !SSLv3)\fR"
-List of SSL/TLS protocols that the Postfix SMTP client will use with
-mandatory TLS encryption.
+.IP "\fBsmtp_tls_mandatory_protocols (see 'postconf -d' output)\fR"
+TLS protocols that the Postfix SMTP client will use with mandatory
+TLS encryption.
.IP "\fBsmtp_tls_scert_verifydepth (9)\fR"
The verification depth for remote SMTP server certificates.
.IP "\fBsmtp_tls_secure_cert_match (nexthop, dot\-nexthop)\fR"
certificate fingerprints.
.PP
Available in Postfix version 2.6 and later:
-.IP "\fBsmtp_tls_protocols (!SSLv2, !SSLv3)\fR"
-List of TLS protocols that the Postfix SMTP client will exclude or
-include with opportunistic TLS encryption.
+.IP "\fBsmtp_tls_protocols (see postconf -d output)\fR"
+TLS protocols that the Postfix SMTP client will use with
+opportunistic TLS encryption.
.IP "\fBsmtp_tls_ciphers (medium)\fR"
The minimum TLS cipher grade that the Postfix SMTP client
will use with opportunistic TLS encryption.
.IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
Additional list of ciphers or cipher types to exclude from the
Postfix SMTP server cipher list at mandatory TLS security levels.
-.IP "\fBsmtpd_tls_mandatory_protocols (!SSLv2, !SSLv3)\fR"
-The SSL/TLS protocols accepted by the Postfix SMTP server with
-mandatory TLS encryption.
+.IP "\fBsmtpd_tls_mandatory_protocols (see 'postconf -d' output)\fR"
+TLS protocols accepted by the Postfix SMTP server with mandatory TLS
+encryption.
.IP "\fBsmtpd_tls_received_header (no)\fR"
Request that the Postfix SMTP server produces Received: message
headers that include information about the protocol and cipher used,
\fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR.
.PP
Available in Postfix version 2.6 and later:
-.IP "\fBsmtpd_tls_protocols (!SSLv2, !SSLv3)\fR"
-List of TLS protocols that the Postfix SMTP server will exclude
-or include with opportunistic TLS encryption.
+.IP "\fBsmtpd_tls_protocols (see postconf -d output)\fR"
+TLS protocols accepted by the Postfix SMTP server with opportunistic
+TLS encryption.
.IP "\fBsmtpd_tls_ciphers (medium)\fR"
The minimum TLS cipher grade that the Postfix SMTP server
will use with opportunistic TLS encryption.
$block =~ s/\s+\n/\n/g;
$block =~ s/^\n//g;
$block =~ s/\s*<\s*nroffescape\s+([^ >]+)\s*>\s*/\n\1\n/g;
- $block =~ s/([a-z][_a-zA-Z0-9-]*)(\([0-9]\))/\\fB\1\\fR\2/g;
+ $block =~ s/([A-Za-z][_a-zA-Z0-9-]*)(\([0-9]\))/\\fB\1\\fR\2/g;
print $block;
$wantpp = !($block =~ /^\.(SH|IP)/);
}
<p> Note that server certificates are <b>not</b> optional in TLS 1.3. To
run without certificates you'd have to disable the TLS 1.3 protocol by
-including '!TLSv1.3' in "smtpd_tls_protocols" and perhaps also
-"smtpd_tls_mandatory_protocols". It is simpler instead to just
-configure a certificate chain. Certificate-less operation is not
-recommended. <p>
+including "<=TLSv1.2" (or, for Postfix < 3.6, "!TLSv1.3") in
+"smtpd_tls_protocols" and perhaps also "smtpd_tls_mandatory_protocols".
+It is simpler instead to just configure a certificate chain.
+
Certificate-less operation is not recommended. <p>
<p> RSA, DSA and ECDSA (Postfix ≥ 2.6) certificates are supported.
Most sites only have RSA certificates. You can configure all three
mandatory TLS. The mandatory TLS protocol list is specified via the
smtpd_tls_mandatory_protocols configuration parameter. The
smtpd_tls_protocols parameter (Postfix ≥ 2.6)
-controls the SSL/TLS protocols used with opportunistic TLS. </p>
+controls the TLS protocols used with opportunistic TLS. </p>
<p> Note that the OpenSSL library only supports protocol exclusion
(not inclusion). For this reason, Postfix can exclude only protocols
recommended, it is better and simpler to just configure a suitable
certificate. </p>
-<p> Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3,
-with high grade ciphers: </p>
+<p> Example, MSA that requires TLSv1.2 or higher, with high grade
+ciphers: </p>
<blockquote>
<pre>
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_security_level = encrypt
- # Preferred syntax with Postfix ≥ 2.5:
- smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+ # Preferred syntax with Postfix ≥ 3.6:
+ smtpd_tls_mandatory_protocols = >=TLSv1.2
# Legacy syntax:
- smtpd_tls_mandatory_protocols = TLSv1
+ smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>
</blockquote>
submission 587/tcp msa # mail message submission
/etc/postfix/tls_policy:
- [example.net]:587 encrypt protocols=TLSv1 ciphers=high
- [example.net]:msa encrypt protocols=TLSv1 ciphers=high
- [example.net]:submission encrypt protocols=TLSv1 ciphers=high
+ # Postfix ≥ 3.6 "protocols" syntax
+ [example.net]:587 encrypt protocols=>=TLSv1.2 ciphers=high
+ # Legacy "protocols" syntax
+ [example.net]:msa encrypt protocols=!SSLv2:!SSLv3 ciphers=high
</pre>
</blockquote>
[thumb.example.org] fingerprint
match=b6:b4:72:34:e2:59:cd:fb:...:0d:4d:cc:2c:7d:84:de:e6:2f
match=51:e9:af:2e:1e:40:1f:de:...:35:2d:09:16:31:5a:eb:82:76
- # Postfix 2.6 and later
- example.info may protocols=!SSLv2 ciphers=medium exclude=3DES
+ # Postfix ≥ 3.6 "protocols" syntax
+ example.info may protocols=>=TLSv1 ciphers=medium exclude=3DES
+ # Legacy protocols syntax
+ example.info may protocols=!SSLv2:!SSLv3 ciphers=medium exclude=3DES
</pre>
</blockquote>
TLS protocol list is specified via the
smtp_tls_mandatory_protocols configuration parameter. The corresponding
smtp_tls_protocols parameter (Postfix ≥ 2.6) controls
-the SSL/TLS protocols used with opportunistic TLS. </p>
+the TLS protocols used with opportunistic TLS. </p>
<p> Example: </p>
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = RC4, MD5
smtp_tls_exclude_ciphers = aNULL
- # Preferred form with Postfix ≥ 2.5:
- smtp_tls_mandatory_protocols = !SSLv2
- # Legacy form for Postfix < 2.5:
- smtp_tls_mandatory_protocols = SSLv3, TLSv1
- # Also available with Postfix ≥ 2.6:
smtp_tls_ciphers = medium
- smtp_tls_protocols = !SSLv2
+ # Preferred form with Postfix ≥ 3.6:
+ smtp_tls_mandatory_protocols = >=TLSv1.2
+ smtp_tls_protocols = >=TLSv1
+ # Legacy form for Postfix < 3.6:
+ smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+ smtp_tls_protocols = !SSLv2,!SSLv3
</pre>
</blockquote>
<p> This feature is available in Postfix 2.3 and later. </p>
-%PARAM smtp_tls_mandatory_protocols !SSLv2, !SSLv3
+%PARAM smtp_tls_mandatory_protocols see "postconf -d" output
+
+<p> TLS protocols that the Postfix SMTP client will use with mandatory
+TLS encryption. In main.cf the values are separated by whitespace,
+commas or colons. In the policy table "protocols" attribute (see
+smtp_tls_policy_maps) the only valid separator is colon. An empty value
+means allow all protocols. </p>
+
+<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below. </p>
+
+<p> As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set a lowest acceptable TLS protocol version
+and/or a highest acceptable TLS protocol version. To set the lower
+bound include an element of the form: ">=<i>version</i>" where
+<i>version</i> is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=<i>version</i>". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number. </p>
+
+<p> Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version. </p>
+
+<p>Hexadecimal example (Postfix ≥ 3.6):</p>
+<blockquote>
+<pre>
+# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+smtp_tls_mandatory_protocols = >=TLSv1.2, <=0305
+# Allow only TLS 1.2 and up:
+smtp_tls_mandatory_protocols = >=0x0303
+</pre>
+</blockquote>
+
+<p> With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "smtp_tls_mandatory_protocols = !SSLv2,
+!SSLv3". Listing the protocols to include, rather than protocols to
+exclude, is supported, but not recommended. The exclusion syntax more
+accurately matches the underlying OpenSSL interface. </p>
+
+<p> When using the exclusion syntax, take care to ensure that the range
+of protocols supported by the Postfix SMTP client is contiguous. When
+a protocol version is enabled, disabling any higher version implicitly
+disables all versions above that higher version. Thus, for example: </p>
-<p> List of SSL/TLS protocols that the Postfix SMTP client will use with
-mandatory TLS encryption. In main.cf the values are separated by
-whitespace, commas or colons. In the policy table "protocols" attribute
-(see smtp_tls_policy_maps) the only valid separator is colon. An
-empty value means allow all protocols. The valid protocol names, (see
-<b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3" and "TLSv1". The
-default value is "!SSLv2, !SSLv3" for Postfix releases after the
-middle of 2015, "!SSLv2" for older releases. </p>
-
-<p> With Postfix ≥ 2.5 the parameter syntax was expanded to support
-protocol exclusions. One can explicitly exclude "SSLv2" by setting
-"smtp_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and
-"SSLv3" set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
-the protocols to include, rather than protocols to exclude, is
-supported, but not recommended. The exclusion form more closely
-matches the underlying OpenSSL interface semantics.
-</p>
-
-<p> The range of protocols advertised by an SSL/TLS client must be
-contiguous. When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher version.
-Thus, for example (assuming the OpenSSL library supports both SSLv2
-and SSLv3):
-</p>
<blockquote>
<pre>
-smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1.1
</pre>
</blockquote>
-<p> also disables any protocols version higher than TLSv1 leaving
-only "SSLv3" enabled. </p>
-
-<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
-and "TLSv1.2". When Postfix ≤ 2.5 is linked against OpenSSL 1.0.1
-or later, these, or any other new protocol versions, cannot be
-disabled except by also disabling "TLSv1" (typically leaving just
-"SSLv3"). The latest patch levels of Postfix ≥ 2.6, and all
-versions of Postfix ≥ 2.10 can explicitly disable support for
-"TLSv1.1" or "TLSv1.2". </p>
-
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
-≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
-this can be disabled, if need be, via "!TLSv1.3". </p>
-
-<p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
-<a href="TLS_README.html#client_tls_dane">dane-only</a> security
-levels, when usable TLSA records are obtained for the remote SMTP
-server, the Postfix SMTP client is obligated to include the SNI TLS
-extension in its SSL client hello message. This may help the remote
-SMTP server live up to its promise to provide a certificate that
-matches its TLSA records. Since TLS extensions require TLS 1.0 or
-later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when
-SNI is required. If you use "dane" or "dane-only" do not disable
-TLSv1, except perhaps via the policy table for destinations which
-you are sure will support "TLSv1.1" or "TLSv1.2". </p>
+
+<p> also disables any protocols version higher than TLSv1.1 leaving
+only "TLSv1" enabled. </p>
+
+<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
+
+<p> While the vast majority of SMTP servers with DANE TLSA records now
+support at least TLS 1.2, a few still only support TLS 1.0. If you use
+"dane" or "dane-only" it is best to not disable TLSv1, except perhaps
+via the policy table for destinations which you are sure will support
+"TLSv1.2". </p>
<p> See the documentation of the smtp_tls_policy_maps parameter and
TLS_README for more information about security levels. </p>
<p> Example: </p>
-
<pre>
-# Preferred syntax with Postfix ≥ 2.5:
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+# Preferred syntax with Postfix ≥ 3.6:
+smtp_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3
# Legacy syntax:
-smtp_tls_mandatory_protocols = TLSv1
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
-%PARAM lmtp_tls_mandatory_protocols !SSLv2, !SSLv3
+%PARAM lmtp_tls_mandatory_protocols see postconf -d output
<p> The LMTP-specific version of the smtp_tls_mandatory_protocols
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
-%PARAM smtpd_tls_mandatory_protocols !SSLv2, !SSLv3
-
-<p> The SSL/TLS protocols accepted by the Postfix SMTP server with
-mandatory TLS encryption. If the list is empty, the server supports
-all available SSL/TLS protocol versions. A non-empty value is a
-list of protocol names separated by whitespace, commas or colons.
-The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and
-are not case sensitive. The default value is "!SSLv2, !SSLv3" for
-Postfix releases after the middle of 2015, "!SSLv2" for older
-releases. </p>
-
-<p> With Postfix ≥ 2.5 the parameter syntax was expanded to support
-protocol exclusions. One can explicitly exclude "SSLv2" by setting
-"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and
-"SSLv3" set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
-the protocols to include, rather than protocols to exclude, is
-supported, but not recommended. The exclusion form more closely
-matches the underlying OpenSSL interface semantics. </p>
-
-<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
-and "TLSv1.2". When Postfix ≤ 2.5 is linked against OpenSSL 1.0.1
-or later, these, or any other new protocol versions, cannot be
-disabled. The latest patch levels of Postfix ≥ 2.6, and all
-versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or
-"TLSv1.2". </p>
-
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
-≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
-this can be disabled, if need be, via "!TLSv1.3". </p>
+%PARAM smtpd_tls_mandatory_protocols see "postconf -d" output
+
+<p> TLS protocols accepted by the Postfix SMTP server with mandatory TLS
+encryption. If the list is empty, the server supports all available TLS
+protocol versions. A non-empty value is a list of protocol names to
+include or exclude, separated by whitespace, commas or colons. </p>
+
+<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below. </p>
+
+<p> As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: ">=<i>version</i>" where
+<i>version</i> is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=<i>version</i>". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number. </p>
+
+<p> Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version. </p>
+
+<p>Hexadecimal example (Postfix ≥ 3.6):</p>
+<blockquote>
+<pre>
+# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+smtpd_tls_mandatory_protocols = >=TLSv1.2, <=0305
+# Allow only TLS 1.2 and up:
+smtpd_tls_mandatory_protocols = >=0x0303
+</pre>
+</blockquote>
+
+<p> With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "smtpd_tls_mandatory_protocols =
+!SSLv2, !SSLv3". Listing the protocols to include, rather than
+protocols to exclude, is supported, but not recommended. The exclusion
+form more accurately matches the underlying OpenSSL interface. </p>
+
+<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> Example: </p>
<pre>
-# Preferred syntax with Postfix ≥ 2.5:
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+# Preferred syntax with Postfix ≥ 3.6:
+smtpd_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3
# Legacy syntax:
-smtpd_tls_mandatory_protocols = TLSv1
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
<pre>
# Opportunistic TLS.
smtp_tls_security_level = may
-# Postfix ≥ 2.6:
# Do not tweak opportunistic ciphers or protocol unless it is essential
# to do so (if a security vulnerability is found in the SSL library that
# can be mitigated by disabling a particular protocol or raising the
-# cipher grade from "export" to "low" or "medium").
-smtp_tls_ciphers = export
+# cipher grade).
+smtp_tls_ciphers = medium
+smtp_tls_protocols = >=TLSv1
+# Legacy (Postfix < 3.6) syntax:
smtp_tls_protocols = !SSLv2, !SSLv3
</pre>
</pre>
<pre>
-# Mandatory TLS verification of hostname or nexthop domain.
-smtp_tls_security_level = verify
-smtp_tls_mandatory_ciphers = high
-smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
-</pre>
-
-<pre>
-# Secure channel TLS with exact nexthop name match.
+# Authenticated TLS 1.2 or better matching the nexthop domain or a
+# subdomain.
smtp_tls_security_level = secure
-smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
-smtp_tls_secure_cert_match = nexthop
+smtp_tls_mandatory_protocols = >=TLSv1.2
+smtp_tls_secure_cert_match = nexthop, dot-nexthop
</pre>
<pre>
# Certificate fingerprint verification (Postfix ≥ 2.5).
# The CA-less "fingerprint" security level only scales to a limited
# number of destinations. As a global default rather than a per-site
-# setting, this is practical when mail for all recipients is sent
+# setting, this is practical only when mail for all recipients is sent
# to a central mail hub.
relayhost = [mailhub.example.com]
smtp_tls_security_level = fingerprint
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtp_tls_mandatory_protocols = >=TLSv1.2
smtp_tls_mandatory_ciphers = high
smtp_tls_fingerprint_cert_match =
- 3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
- EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
+ 3D:95:34:51:...:40:99:C0:C1
+ EC:3B:2D:B0:...:A3:9D:72:F6
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
-%PARAM smtp_tls_protocols !SSLv2, !SSLv3
+%PARAM smtp_tls_protocols see postconf -d output
-<p> List of TLS protocols that the Postfix SMTP client will exclude or
-include with opportunistic TLS encryption. The default value is
-"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
-"!SSLv2" for older releases. Before Postfix 2.6, the Postfix SMTP
-client would use all protocols with opportunistic TLS. </p>
+<p> TLS protocols that the Postfix SMTP client will use with
+opportunistic TLS encryption. In main.cf the values are separated by
+whitespace, commas or colons. In the policy table "protocols" attribute
+(see smtp_tls_policy_maps) the only valid separator is colon. An empty
+value means allow all protocols. </p>
+
+<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below. </p>
+
+<p> As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: ">=<i>version</i>" where
+<i>version</i> is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=<i>version</i>". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number. </p>
+
+<p> Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version. </p>
+
+<p>Hexadecimal example (Postfix ≥ 3.6):</p>
+<blockquote>
+<pre>
+# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+smtp_tls_protocols = >=TLSv1, <=0305
+# Allow only TLS 1.0 and up:
+smtp_tls_protocols = >=0x0301
+</pre>
+</blockquote>
-<p> In main.cf the values are separated by whitespace, commas or
-colons. In the policy table (see smtp_tls_policy_maps) the only valid
-separator is colon. An empty value means allow all protocols. The valid
-protocol names, (see <b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3"
-and "TLSv1". </p>
+<p> With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "smtp_tls_protocols = !SSLv2, !SSLv3".
+Listing the protocols to include, rather than protocols to exclude, is
+supported, but not recommended. The exclusion form more accurately
+matches the underlying OpenSSL interface. </p>
-<p> The range of protocols advertised by an SSL/TLS client must be
-contiguous. When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher version.
-Thus, for example (assuming the OpenSSL library supports both SSLv2
-and SSLv3):
+<p> When using the exclusion syntax, take care to ensure that the range of
+protocols advertised by an SSL/TLS client is contiguous. When a protocol
+version is enabled, disabling any higher version implicitly disables all
+versions above that higher version. Thus, for example:
</p>
<blockquote>
<pre>
-smtp_tls_protocols = !SSLv2, !TLSv1
+smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1.1
</pre>
</blockquote>
-<p> also disables any protocols version higher than TLSv1 leaving
-only "SSLv3" enabled. </p>
-
-<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
-and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all
-versions of Postfix ≥ 2.10 can explicitly disable support for
-"TLSv1.1" or "TLSv1.2"</p>
-
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
-≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
-this can be disabled, if need be, via "!TLSv1.3". </p>
-
-<p> To include a protocol list its name, to exclude it, prefix the name
-with a "!" character. To exclude SSLv2 for opportunistic TLS set
-"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
-"smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
-include, rather than protocols to exclude, is supported, but not
-recommended. The exclusion form more closely matches the underlying
-OpenSSL interface semantics. </p>
+<p> also disables any protocols version higher than TLSv1.1 leaving
+only "TLSv1" enabled. </p>
+
+<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> Example: </p>
<pre>
-# TLSv1 or better:
+# Preferred syntax with Postfix ≥ 3.6:
+smtp_tls_protocols = >=TLSv1, <=TLSv1.3
+# Legacy syntax:
smtp_tls_protocols = !SSLv2, !SSLv3
</pre>
<p> This feature is available in Postfix 2.6 and later. </p>
-%PARAM smtpd_tls_protocols !SSLv2, !SSLv3
-
-<p> List of TLS protocols that the Postfix SMTP server will exclude
-or include with opportunistic TLS encryption. The default value is
-"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
-empty for older releases allowing all protocols to be
-used with opportunistic TLS. A non-empty value is a list of protocol
-names separated by whitespace, commas or colons. The supported
-protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case
-sensitive. </p>
-
-<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
-and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all
-versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or
-"TLSv1.2". </p>
-
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
-≥ 3.4 (or patch releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
-this can be disabled, if need be, via "!TLSv1.3". </p>
-
-<p> To include a protocol list its name, to exclude it, prefix the name
-with a "!" character. To exclude SSLv2 for opportunistic TLS set
-"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
-"smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
-include, rather than protocols to exclude, is supported, but not
-recommended. The exclusion form more closely matches the underlying
-OpenSSL interface semantics. </p>
+%PARAM smtpd_tls_protocols see postconf -d output
+
+<p> TLS protocols accepted by the Postfix SMTP server with opportunistic
+TLS encryption. If the list is empty, the server supports all available
+TLS protocol versions. A non-empty value is a list of protocol names to
+include or exclude, separated by whitespace, commas or colons. </p>
+
+<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below. </p>
+
+<p> As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: ">=<i>version</i>" where
+<i>version</i> is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "<=<i>version</i>". There must be no whitespace between
+the ">=" or "<=" symbols and the protocol name or number. </p>
+
+<p> Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version. </p>
+
+<p>Hexadecimal example (Postfix ≥ 3.6):</p>
+<blockquote>
+<pre>
+# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+smtpd_tls_protocols = >=TLSv1, <=0305
+# Allow only TLS 1.0 and up:
+smtpd_tls_protocols = >=0x0301
+</pre>
+</blockquote>
+
+<p> With Postfix < 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "smtpd_tls_protocols = !SSLv2, !SSLv3".
+Listing the protocols to include, rather than protocols to exclude, is
+supported, but not recommended. The exclusion form more accurately
+matches the underlying OpenSSL interface. </p>
+
+<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases ≥ 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
<p> Example: </p>
<pre>
+# Preferred syntax with Postfix ≥ 3.6:
+smtpd_tls_protocols = >=TLSv1, <=TLSv1.3
+# Legacy syntax:
smtpd_tls_protocols = !SSLv2, !SSLv3
</pre>
<p> This feature is available in Postfix 2.6 and later. </p>
-%PARAM lmtp_tls_protocols !SSLv2, !SSLv3
+%PARAM lmtp_tls_protocols see postconf -d output
<p> The LMTP-specific version of the smtp_tls_protocols configuration
parameter. See there for details. </p>
<p> The Postfix SMTP server security grade for ephemeral elliptic-curve
Diffie-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of
-this parameter is always ignored, and Postfix behaves as though th
+this parameter is always ignored, and Postfix behaves as though the
<b>auto</b> value (described below) was chosen.
</p>
extern char *var_smtpd_tls_CApath;
#define VAR_SMTPD_TLS_PROTO "smtpd_tls_protocols"
-#define DEF_SMTPD_TLS_PROTO "!SSLv2, !SSLv3"
+#define DEF_SMTPD_TLS_PROTO ">=TLSv1"
extern char *var_smtpd_tls_proto;
#define VAR_SMTPD_TLS_MAND_PROTO "smtpd_tls_mandatory_protocols"
-#define DEF_SMTPD_TLS_MAND_PROTO "!SSLv2, !SSLv3"
+#define DEF_SMTPD_TLS_MAND_PROTO ">=TLSv1"
extern char *var_smtpd_tls_mand_proto;
#define VAR_SMTPD_TLS_CIPH "smtpd_tls_ciphers"
extern char *var_smtp_tls_policy;
#define VAR_SMTP_TLS_PROTO "smtp_tls_protocols"
-#define DEF_SMTP_TLS_PROTO "!SSLv2, !SSLv3"
+#define DEF_SMTP_TLS_PROTO ">=TLSv1"
#define VAR_LMTP_TLS_PROTO "lmtp_tls_protocols"
-#define DEF_LMTP_TLS_PROTO "!SSLv2, !SSLv3"
+#define DEF_LMTP_TLS_PROTO ">=TLSv1"
extern char *var_smtp_tls_proto;
#define VAR_SMTP_TLS_MAND_PROTO "smtp_tls_mandatory_protocols"
-#define DEF_SMTP_TLS_MAND_PROTO "!SSLv2, !SSLv3"
+#define DEF_SMTP_TLS_MAND_PROTO ">=TLSv1"
#define VAR_LMTP_TLS_MAND_PROTO "lmtp_tls_mandatory_protocols"
-#define DEF_LMTP_TLS_MAND_PROTO "!SSLv2, !SSLv3"
+#define DEF_LMTP_TLS_MAND_PROTO ">=TLSv1"
extern char *var_smtp_tls_mand_proto;
#define VAR_SMTP_TLS_VFY_CMATCH "smtp_tls_verify_cert_match"
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20200720"
+#define MAIL_RELEASE_DATE "20200725"
#define MAIL_VERSION_NUMBER "3.6"
#ifdef SNAPSHOT
/* parameter \fIname\fR with \fIvalue\fR. Possible use-cases include
/* overriding the values of TLS library parameters, or "myhostname" to
/* configure the SMTP EHLO name sent to the remote server.
-/* .IP "\fB-p \fIprotocols\fR (default: !SSLv2)"
-/* List of TLS protocols that posttls-finger will exclude or include. See
+/* .IP "\fB-p \fIprotocols\fR (default: >=TLSv1)"
+/* TLS protocols that posttls-finger will exclude or include. See
/* smtp_tls_mandatory_protocols for details.
/* .IP "\fB-P \fICApath/\fR (default: none)"
/* The OpenSSL CApath/ directory (indexed via c_rehash(1)) for remote
state->max_reconnect = 5;
state->wrapper_mode = 0;
#ifdef USE_TLS
- state->protocols = mystrdup("!SSLv2");
+ state->protocols = mystrdup(">=TLSv1");
state->grade = mystrdup("medium");
#endif
memset((void *) &state->options, 0, sizeof(state->options));
/* Optional lookup tables with the Postfix SMTP client TLS security
/* policy by next-hop destination; when a non-empty value is specified,
/* this overrides the obsolete smtp_tls_per_site parameter.
-/* .IP "\fBsmtp_tls_mandatory_protocols (!SSLv2, !SSLv3)\fR"
-/* List of SSL/TLS protocols that the Postfix SMTP client will use with
-/* mandatory TLS encryption.
+/* .IP "\fBsmtp_tls_mandatory_protocols (see 'postconf -d' output)\fR"
+/* TLS protocols that the Postfix SMTP client will use with mandatory
+/* TLS encryption.
/* .IP "\fBsmtp_tls_scert_verifydepth (9)\fR"
/* The verification depth for remote SMTP server certificates.
/* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR"
/* certificate fingerprints.
/* .PP
/* Available in Postfix version 2.6 and later:
-/* .IP "\fBsmtp_tls_protocols (!SSLv2, !SSLv3)\fR"
-/* List of TLS protocols that the Postfix SMTP client will exclude or
-/* include with opportunistic TLS encryption.
+/* .IP "\fBsmtp_tls_protocols (see postconf -d output)\fR"
+/* TLS protocols that the Postfix SMTP client will use with
+/* opportunistic TLS encryption.
/* .IP "\fBsmtp_tls_ciphers (medium)\fR"
/* The minimum TLS cipher grade that the Postfix SMTP client
/* will use with opportunistic TLS encryption.
/* .IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
/* Additional list of ciphers or cipher types to exclude from the
/* Postfix SMTP server cipher list at mandatory TLS security levels.
-/* .IP "\fBsmtpd_tls_mandatory_protocols (!SSLv2, !SSLv3)\fR"
-/* The SSL/TLS protocols accepted by the Postfix SMTP server with
-/* mandatory TLS encryption.
+/* .IP "\fBsmtpd_tls_mandatory_protocols (see 'postconf -d' output)\fR"
+/* TLS protocols accepted by the Postfix SMTP server with mandatory TLS
+/* encryption.
/* .IP "\fBsmtpd_tls_received_header (no)\fR"
/* Request that the Postfix SMTP server produces Received: message
/* headers that include information about the protocol and cipher used,
/* \fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR.
/* .PP
/* Available in Postfix version 2.6 and later:
-/* .IP "\fBsmtpd_tls_protocols (!SSLv2, !SSLv3)\fR"
-/* List of TLS protocols that the Postfix SMTP server will exclude
-/* or include with opportunistic TLS encryption.
+/* .IP "\fBsmtpd_tls_protocols (see postconf -d output)\fR"
+/* TLS protocols accepted by the Postfix SMTP server with opportunistic
+/* TLS encryption.
/* .IP "\fBsmtpd_tls_ciphers (medium)\fR"
/* The minimum TLS cipher grade that the Postfix SMTP server
/* will use with opportunistic TLS encryption.
#define TLS_SSL_OP_MANAGED_BITS \
(SSL_OP_CIPHER_SERVER_PREFERENCE | TLS_SSL_OP_PROTOMASK(~0))
-extern int tls_protocol_mask(const char *);
+extern int tls_proto_mask_lims(const char *, int *, int *);
/*
* Cipher grade selection.
extern char *tls_cert_fprint(X509 *, const char *);
extern char *tls_pkey_fprint(X509 *, const char *);
extern char *tls_serverid_digest(TLS_SESS_STATE *,
- const TLS_CLIENT_START_PROPS *, long, const char *);
+ const TLS_CLIENT_START_PROPS *, const char *);
/*
* tls_certkey.c
{
int sts;
int protomask;
+ int min_proto;
+ int max_proto;
const char *cipher_list;
SSL_SESSION *session = 0;
TLS_SESS_STATE *TLScontext;
* Per-session protocol restrictions must be applied to the SSL connection,
* as restrictions in the global context cannot be cleared.
*/
- protomask = tls_protocol_mask(props->protocols);
+ protomask = tls_proto_mask_lims(props->protocols, &min_proto, &max_proto);
if (protomask == TLS_PROTOCOL_INVALID) {
/* tls_protocol_mask() logs no warning. */
msg_warn("%s: Invalid TLS protocol list \"%s\": aborting TLS session",
tls_free_context(TLScontext);
return (0);
}
+#define CARP_VERSION(which) do { \
+ if (which##_proto != 0) \
+ msg_warn("%s: error setting %simum TLS version to: 0x%04x", \
+ TLScontext->namaddr, #which, which##_proto); \
+ else \
+ msg_warn("%s: error clearing %simum TLS version", \
+ TLScontext->namaddr, #which); \
+ } while (0)
/*
* Apply session protocol restrictions.
*/
if (protomask != 0)
SSL_set_options(TLScontext->con, TLS_SSL_OP_PROTOMASK(protomask));
+ if (!SSL_set_min_proto_version(TLScontext->con, min_proto))
+ CARP_VERSION(min);
+ if (!SSL_set_max_proto_version(TLScontext->con, max_proto))
+ CARP_VERSION(max);
/*
* When applicable, configure DNS-based or synthetic (fingerprint or
* parameters and append it to the serverid.
*/
TLScontext->serverid =
- tls_serverid_digest(TLScontext, props, protomask, cipher_list);
+ tls_serverid_digest(TLScontext, props, cipher_list);
/*
* When authenticating the peer, use 80-bit plus OpenSSL security level
/* SYNOPSIS
/* #include <tls.h>
/*
-/* char *tls_serverid_digest(TLScontext, props, protomask, ciphers)
+/* char *tls_serverid_digest(TLScontext, props, ciphers)
/* TLS_SESS_STATE *TLScontext;
/* const TLS_CLIENT_START_PROPS *props;
-/* long protomask;
/* const char *ciphers;
/*
/* char *tls_digest_encode(md_buf, md_len)
char *tls_serverid_digest(TLS_SESS_STATE *TLScontext,
const TLS_CLIENT_START_PROPS *props,
- long protomask, const char *ciphers)
+ const char *ciphers)
{
EVP_MD_CTX *mdctx;
const EVP_MD *md;
checkok(EVP_DigestInit_ex(mdctx, md, NULL));
digest_string(props->helo ? props->helo : "");
digest_object(&sslversion);
- digest_object(&protomask);
+ digest_string(props->protocols);
digest_string(ciphers);
/*
/*
/* void tls_param_init()
/*
-/* int tls_protocol_mask(plist)
+/* int tls_proto_mask_lims(plist, floor, ceiling)
/* const char *plist;
+/* int *floor;
+/* int *ceiling;
/*
/* int tls_cipher_grade(name)
/* const char *name;
/* entering a chroot jail. The "role" parameter must be TLS_ROLE_CLIENT
/* for clients and TLS_ROLE_SERVER for servers. Any errors are fatal.
/*
-/* tls_protocol_mask() returns a bitmask of excluded protocols, given
-/* a list (plist) of protocols to include or (preceded by a '!') exclude.
-/* If "plist" contains invalid protocol names, TLS_PROTOCOL_INVALID is
-/* returned and no warning is logged.
+/* tls_proto_mask_lims() returns a bitmask of excluded protocols, and
+/* and the protocol version floor/ceiling, given a list (plist) of
+/* protocols to include or (preceded by a '!') exclude, or constraints
+/* of the form '>=name', '<=name', '>=hexvalue', '<=hexvalue'. If "plist"
+/* contains invalid protocol names, TLS_PROTOCOL_INVALID is returned and
+/* no warning is logged.
/*
/* tls_cipher_grade() converts a case-insensitive cipher grade
/* name (high, medium, low, export, null) to the corresponding
0, TLS_PROTOCOL_INVALID,
};
+/*
+ * Protocol name => numeric version, for MinProtocol and MaxProtocol
+ */
+static const NAME_CODE tls_version_table[] = {
+ "None", 0,
+ SSL_TXT_SSLV3, SSL3_VERSION,
+ SSL_TXT_TLSV1, TLS1_VERSION,
+ SSL_TXT_TLSV1_1, TLS1_1_VERSION,
+ SSL_TXT_TLSV1_2, TLS1_2_VERSION,
+ TLS_PROTOCOL_TXT_TLSV1_3, TLS1_3_VERSION,
+ 0, -1,
+};
+
/*
* SSL_OP_MUMBLE bug work-around name <=> mask conversion.
*/
app_ctx->log_mask = log_mask;
}
-/* tls_protocol_mask - Bitmask of protocols to exclude */
+/* parse_version - parse TLS protocol version name or hex number */
-int tls_protocol_mask(const char *plist)
+static int parse_tls_version(const char *tok, int *version)
+{
+ int code = name_code(tls_version_table, NAME_CODE_FLAG_NONE, tok);
+ char *_end;
+ unsigned long ulval;
+
+ if (code != -1) {
+ *version = code;
+ return (0);
+ }
+ errno = 0;
+ ulval = strtoul(tok, &_end, 16);
+ if (*_end != 0
+ || (ulval == ULONG_MAX && errno == ERANGE)
+ || ulval > INT_MAX)
+ return TLS_PROTOCOL_INVALID;
+
+ *version = (int) ulval;
+ return (0);
+}
+
+/* tls_proto_mask_lims - protocols to exclude and floor/ceiling */
+
+int tls_proto_mask_lims(const char *plist, int *floor, int *ceiling)
{
char *save;
char *tok;
return (res); \
} while (0)
+ *floor = *ceiling = 0;
+
save = cp = mystrdup(plist);
while ((tok = mystrtok(&cp, CHARS_COMMA_SP ":")) != 0) {
- if (*tok == '!')
+ if (strncmp(tok, ">=", 2) == 0)
+ code = parse_tls_version(tok + 2, floor);
+ else if (strncmp(tok, "<=", 2) == 0)
+ code = parse_tls_version(tok + 2, ceiling);
+ else if (*tok == '!')
exclude |= code =
name_code(protocol_table, NAME_CODE_FLAG_NONE, ++tok);
else
int scache_timeout;
int ticketable = 0;
int protomask;
+ int min_proto;
+ int max_proto;
TLS_APPL_STATE *app_ctx;
int log_mask;
/*
* First validate the protocols. If these are invalid, we can't continue.
*/
- protomask = tls_protocol_mask(props->protocols);
+ protomask = tls_proto_mask_lims(props->protocols, &min_proto, &max_proto);
if (protomask == TLS_PROTOCOL_INVALID) {
/* tls_protocol_mask() logs no warning. */
msg_warn("Invalid TLS protocol list \"%s\": disabling TLS support",
*/
if (protomask != 0)
SSL_CTX_set_options(server_ctx, TLS_SSL_OP_PROTOMASK(protomask));
+ SSL_CTX_set_min_proto_version(server_ctx, min_proto);
+ SSL_CTX_set_max_proto_version(server_ctx, max_proto);
+ SSL_CTX_set_min_proto_version(sni_ctx, min_proto);
+ SSL_CTX_set_max_proto_version(sni_ctx, max_proto);
/*
* Some sites may want to give the client less rope. On the other hand,
projects / thirdparty / postfix.git / commitdiff
