postfix-2.10-20120423

diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README
index aa2e388594fc1036cdbdb0e5f3db87c67919c753..1bf1d3076a83c9bcfad26ff36a398284f2183606 100644 (file)
--- a/postfix/README_FILES/TLS_README
+++ b/postfix/README_FILES/TLS_README
@@ -509,9 +509,10 @@ Example, MSA that requires TLSv1, not SSLv2 or SSLv3, with high grade ciphers:
         smtpd_tls_mandatory_ciphers = high
         smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
         smtpd_tls_security_level = encrypt
-        smtpd_tls_mandatory_protocols = TLSv1
-        # Preferred interface with Postfix >= 2.5:
+        # Preferred form with Postfix >= 2.5:
         smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+        # Alternative form.
+        smtpd_tls_mandatory_protocols = TLSv1
 
 If you want to take advantage of ciphers with ephemeral Diffie-Hellman (EDH)
 key exchange (this offers "forward-secrecy"), DH parameters are needed. Instead
@@ -1427,9 +1428,10 @@ Example:
         smtp_tls_mandatory_ciphers = medium
         smtp_tls_mandatory_exclude_ciphers = RC4, MD5
         smtp_tls_exclude_ciphers = aNULL
-        smtp_tls_mandatory_protocols = SSLv3, TLSv1
-        # Also available with Postfix >= 2.5:
+        # Preferred form with Postfix >= 2.5:
         smtp_tls_mandatory_protocols = !SSLv2
+        # Alternative form.
+        smtp_tls_mandatory_protocols = SSLv3, TLSv1
         # Also available with Postfix >= 2.6:
         smtp_tls_ciphers = export
         smtp_tls_protocols = !SSLv2

diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html
index 99a756d708aa22e51bedafa8a8df174cad9f90f7..51299360d13f141317128f4bd6f30a6bd3d90f2d 100644 (file)
--- a/postfix/html/TLS_README.html
+++ b/postfix/html/TLS_README.html
@@ -733,9 +733,10 @@ ciphers: </p>
     <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> = high
     <a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL, MD5
     <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
-    <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = TLSv1
-    # Preferred interface with Postfix &ge; 2.5:
+    # Preferred form with Postfix &ge; 2.5:
     <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
+    # Alternative form.
+    <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = TLSv1
 </pre>
 </blockquote>
 
@@ -1903,9 +1904,10 @@ the SSL/TLS protocols used with opportunistic TLS. </p>
     <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = medium
     <a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = RC4, MD5
     <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL
-    <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = SSLv3, TLSv1
-    # Also available with Postfix &ge; 2.5:
+    # Preferred form with Postfix &ge; 2.5:
     <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2
+    # Alternative form.
+    <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = SSLv3, TLSv1
     # Also available with Postfix &ge; 2.6:
     <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export
     <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2

diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 637e19d1d0121259e8873066adec11535d1a6afb..92f10ffea4613764a35ea9280b3dca7df3a81721 100644 (file)
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -11094,9 +11094,10 @@ and higher. </p>
 <p> Example: </p>
 
 <pre>
-<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
-# Alternative form with Postfix &ge; 2.5:
+# Preferred form with Postfix &ge; 2.5:
 <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
+# Alternative form.
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
 </pre>
 
 <p> This feature is available in Postfix 2.3 and later. </p>

diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 6d3a60ea60b9e3dc648e43472601ee1c2eae4903..0087dffc681ea47ed55d5d9002c685dd20c438a8 100644 (file)
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -6693,9 +6693,10 @@ Example:
 .nf
 .na
 .ft C
-smtp_tls_mandatory_protocols = TLSv1
-# Alternative form with Postfix >= 2.5:
+# Preferred form with Postfix >= 2.5:
 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+# Alternative form.
+smtp_tls_mandatory_protocols = TLSv1
 .fi
 .ad
 .ft R

diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html
index 5f872d41da7b757a8a41318bd147e2a8d9203efc..063321020a0a5adf62235693e7165538f9b5a6ed 100644 (file)
--- a/postfix/proto/TLS_README.html
+++ b/postfix/proto/TLS_README.html
@@ -733,9 +733,10 @@ ciphers: </p>
     smtpd_tls_mandatory_ciphers = high
     smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
     smtpd_tls_security_level = encrypt
-    smtpd_tls_mandatory_protocols = TLSv1
-    # Preferred interface with Postfix &ge; 2.5:
+    # Preferred form with Postfix &ge; 2.5:
     smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+    # Alternative form.
+    smtpd_tls_mandatory_protocols = TLSv1
 </pre>
 </blockquote>
 
@@ -1903,9 +1904,10 @@ the SSL/TLS protocols used with opportunistic TLS. </p>
     smtp_tls_mandatory_ciphers = medium
     smtp_tls_mandatory_exclude_ciphers = RC4, MD5
     smtp_tls_exclude_ciphers = aNULL
-    smtp_tls_mandatory_protocols = SSLv3, TLSv1
-    # Also available with Postfix &ge; 2.5:
+    # Preferred form with Postfix &ge; 2.5:
     smtp_tls_mandatory_protocols = !SSLv2
+    # Alternative form.
+    smtp_tls_mandatory_protocols = SSLv3, TLSv1
     # Also available with Postfix &ge; 2.6:
     smtp_tls_ciphers = export
     smtp_tls_protocols = !SSLv2

diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index df7dfc72ff542066faad5a2b485e9fca467c8915..b24622e01d9112d77d762d3487cb3f1938dcfb56 100644 (file)
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -10510,9 +10510,10 @@ TLS_README for more information about security levels. </p>
 <p> Example: </p>
 
 <pre>
-smtp_tls_mandatory_protocols = TLSv1
-# Alternative form with Postfix &ge; 2.5:
+# Preferred form with Postfix &ge; 2.5:
 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+# Alternative form.
+smtp_tls_mandatory_protocols = TLSv1
 </pre>
 
 <p> This feature is available in Postfix 2.3 and later. </p>

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 3041dc9fd14864db944b588fabe8522a0f74e876..60d100f9771ee21b50ced3d4c7c8feb9aa985416 100644 (file)
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE      "20120422"
+#define MAIL_RELEASE_DATE      "20120423"
 #define MAIL_VERSION_NUMBER    "2.10"
 
 #ifdef SNAPSHOT