From: Wietse Venema Date: Sun, 22 Apr 2012 05:00:00 +0000 (-0500) Subject: postfix-2.10-20120422 X-Git-Tag: v2.10.0-RC1~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1084d50ada21bdd7a34462785c8b75b255c187c4;p=thirdparty%2Fpostfix.git postfix-2.10-20120422 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 4091d3298..fea7b1d5b 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -17723,3 +17723,12 @@ Apologies for any names omitted. Bugfix (introduced: 20120330): don't replace by when a reply footer starts with \c and contains no \n. File: global/smtp_reply_footer.c. + +20120422 + + Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the + known TLS protocol list so that protocols can be turned off + selectively to work around implementation bugs. Based on + a patch by Victor Duchovni. Files: proto/TLS_README.html, + proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c, + tls/tls_server.c. diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index 2ac714f1f..aa2e38859 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README 
@@ -484,11 +484,17 @@ The "smtpd_tls_ciphers" configuration parameter (Postfix >= 2.6) provides control over the minimum cipher grade for opportunistic TLS. With Postfix < 2.6, the minimum opportunistic TLS cipher grade is always "export". -With mandatory TLS encryption, the Postfix SMTP server will by default only use -SSLv3 or TLSv1. SSLv2 is only used when TLS encryption is optional. The -mandatory TLS protocol list is specified via the smtpd_tls_mandatory_protocols -configuration parameter. The corresponding smtpd_tls_protocols parameter -(Postfix >= 2.6) controls the SSL/TLS protocols used with opportunistic TLS. +With mandatory TLS encryption, the Postfix SMTP server will by default disable +SSLv2. SSLv2 is used only when TLS encryption is optional. The mandatory TLS +protocol list is specified via the smtpd_tls_mandatory_protocols configuration +parameter. The corresponding smtpd_tls_protocols parameter (Postfix >= 2.6) +controls the SSL/TLS protocols used with opportunistic TLS. + +Note that the OpenSSL library only supports protocol exclusion (not inclusion). +For this reason, Postfix can exclude only protocols that are known at the time +the Postfix software is written. If new protocols are added to the OpenSSL +library, they cannot be excluded without corresponding changes to the Postfix +source code. For a server that is not a public Internet MX host, Postfix supports configurations with no server certificates that use oonnllyy the anonymous ciphers. @@ -504,7 +510,7 @@ Example, MSA that requires TLSv1, not SSLv2 or SSLv3, with high grade ciphers: smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 smtpd_tls_security_level = encrypt smtpd_tls_mandatory_protocols = TLSv1 - # Also available with Postfix >= 2.5: + # Preferred interface with Postfix >= 2.5: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 If you want to take advantage of ciphers with ephemeral Diffie-Hellman (EDH) 
@@ -536,9 +542,9 @@ Examples: smtpd_tls_eecdh_grade = strong Postfix 2.8 and later, in combination with OpenSSL 0.9.7 and later allows TLS -servers to preempt the TLS client's cipher preference list. This is only -possible with SSLv3, as in SSLv2 the client chooses the cipher from a list -supplied by the server. +servers to preempt the TLS client's cipher preference list. This is possible +only with SSLv3 and later, as in SSLv2 the client chooses the cipher from a +list supplied by the server. By default, the OpenSSL server selects the client's most preferred cipher that the server supports. With SSLv3 and later, the server may choose its own most @@ -720,9 +726,9 @@ the Postfix TLS policy table, specify the "encrypt" security level. Examples: In the example below, traffic to example.com and its sub-domains via the -corresponding MX hosts always uses TLS. The protocol version will be "SSLv3" or -"TLSv1" (the default setting of smtp_tls_mandatory_protocols excludes "SSLv2"). -Only high or medium strength (i.e. 128 bit or better) ciphers will be used by +corresponding MX hosts always uses TLS. The SSLv2 protocol will be disabled +(the default setting of smtp_tls_mandatory_protocols excludes "SSLv2"). Only +high- or medium-strength (i.e. 128 bit or better) ciphers will be used by default for all "encrypt" security level sessions. /etc/postfix/main.cf: 
@@ -1409,11 +1415,11 @@ The "smtp_tls_ciphers" configuration parameter (Postfix >= 2.6) provides control over the minimum cipher grade for opportunistic TLS. With Postfix < 2.6, the minimum opportunistic TLS cipher grade is always "export". -With mandatory TLS encryption, the Postfix SMTP client will by default only use -SSLv3 or TLSv1. SSLv2 is only used when TLS encryption is optional. The -mandatory TLS protocol list is specified via the smtp_tls_mandatory_protocols -configuration parameter. The corresponding smtp_tls_protocols parameter -(Postfix >= 2.6) controls the SSL/TLS protocols used with opportunistic TLS. +With mandatory TLS encryption, the Postfix SMTP client will by default disable +SSLv2. SSLv2 is used only when TLS encryption is optional. The mandatory TLS +protocol list is specified via the smtp_tls_mandatory_protocols configuration +parameter. The corresponding smtp_tls_protocols parameter (Postfix >= 2.6) +controls the SSL/TLS protocols used with opportunistic TLS. Example: diff --git a/postfix/WISHLIST b/postfix/WISHLIST index d14932296..8e98f5348 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -9,6 +9,12 @@ Wish list: Don't forget Apple's code donation for fetching mail from IMAP server. + When faking up the DSN ORCPT, don't send bare usernames + from local command-line submission. + + lmtp_assume_final is broken. A 2XX response does not imply + final delivery. The Sieve language implements accept-then-bounce. + postscreen: in the dummy SMTP engine, log the protocol state at time of violation (like smtpd, set state->where initially to CONNECT, then update it with the name of the last "known" diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index d7ce9a8a1..99a756d70 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -704,12 +704,18 @@ Postfix < 2.6, the minimum opportunistic TLS cipher grade is always "export".

With mandatory TLS encryption, the Postfix SMTP server will by -default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption +default disable SSLv2. SSLv2 is used only when TLS encryption is optional. The mandatory TLS protocol list is specified via the smtpd_tls_mandatory_protocols configuration parameter. The corresponding smtpd_tls_protocols parameter (Postfix ≥ 2.6) controls the SSL/TLS protocols used with opportunistic TLS.

+

Note that the OpenSSL library only supports protocol exclusion +(not inclusion). For this reason, Postfix can exclude only protocols +that are known at the time the Postfix software is written. If new +protocols are added to the OpenSSL library, they cannot be excluded +without corresponding changes to the Postfix source code.

+

For a server that is not a public Internet MX host, Postfix supports configurations with no server certificates that use only the anonymous ciphers. This is @@ -728,7 +734,7 @@ ciphers:

smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 smtpd_tls_security_level = encrypt smtpd_tls_mandatory_protocols = TLSv1 - # Also available with Postfix ≥ 2.5: + # Preferred interface with Postfix ≥ 2.5: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 @@ -773,8 +779,8 @@ secure for most situations.

Postfix 2.8 and later, in combination with OpenSSL 0.9.7 and later allows TLS servers to preempt the TLS client's cipher preference list. -This is only possible with SSLv3, as in SSLv2 the client chooses the -cipher from a list supplied by the server.

+This is possible only with SSLv3 and later, as in SSLv2 the client +chooses the cipher from a list supplied by the server.

By default, the OpenSSL server selects the client's most preferred cipher that the server supports. With SSLv3 and later, the server @@ -1010,9 +1016,9 @@ table, specify the "encrypt" security level.

Examples:

In the example below, traffic to example.com and its sub-domains -via the corresponding MX hosts always uses TLS. The protocol version will be -"SSLv3" or "TLSv1" (the default setting of smtp_tls_mandatory_protocols -excludes "SSLv2"). Only high or medium strength (i.e. 128 bit or +via the corresponding MX hosts always uses TLS. The SSLv2 protocol +will be disabled (the default setting of smtp_tls_mandatory_protocols +excludes "SSLv2"). Only high- or medium-strength (i.e. 128 bit or better) ciphers will be used by default for all "encrypt" security level sessions.

@@ -1883,7 +1889,7 @@ Postfix < 2.6, the minimum opportunistic TLS cipher grade is always "export".

With mandatory TLS encryption, the Postfix SMTP client will by -default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption +default disable SSLv2. SSLv2 is used only when TLS encryption is optional. The mandatory TLS protocol list is specified via the smtp_tls_mandatory_protocols configuration parameter. The corresponding smtp_tls_protocols parameter (Postfix ≥ 2.6) controls diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index fd7778a28..637e19d1d 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -4775,7 +4775,7 @@ configuration parameter. See there for details.

lmtp_tls_mandatory_protocols -(default: SSLv3, TLSv1)
+(default: !SSLv2)

The LMTP-specific version of the smtp_tls_mandatory_protocols configuration parameter. See there for details.

@@ -11060,7 +11060,7 @@ attribute. See smtp_tls_policy_ma
smtp_tls_mandatory_protocols -(default: SSLv3, TLSv1)
+(default: !SSLv2)

List of SSL/TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. In main.cf the values are separated by @@ -11069,12 +11069,19 @@ whitespace, commas or colons. In the policy table "protocols" attribute empty value means allow all protocols. The valid protocol names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and "TLSv1".

+

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". If an older Postfix version is linked against OpenSSL +1.0.1 or later, these, or any other new protocol versions, are +unconditionally enabled.

+

With Postfix ≥ 2.5 the parameter syntax is expanded to support protocol exclusions. One can now explicitly exclude SSLv2 by setting "smtp_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and SSLv3 set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing -the protocols to include, rather than protocols to exclude, is still -supported; use the form you find more intuitive.

+the protocols to include, rather than protocols to exclude, is +supported, but not recommended. The exclusion form more closely +matches the behaviour when the OpenSSL library is newer than Postfix. +

Since SSL version 2 has known protocol weaknesses and is now deprecated, the default setting excludes "SSLv2". This means that by @@ -11346,14 +11353,18 @@ separator is colon. An empty value means allow all protocols. The valid protocol names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and "TLSv1".

+

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". If an older Postfix version is linked against OpenSSL +1.0.1 or later, these, or any other new protocol versions, are +unconditionally enabled.

+

To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 even for opportunistic TLS set "smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set "smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to -include, is supported, but not recommended. OpenSSL provides no mechanisms -for excluding protocols not known at compile-time. If Postfix is linked -against an OpenSSL library that supports additional protocol versions, -they cannot be excluded using either syntax.

+include, rather than protocols to exclude, is supported, but not +recommended. The exclusion form more closely matches the behaviour +when the OpenSSL library is newer than Postfix.

Example:

@@ -14911,7 +14922,7 @@ works in addition to the exclusions listed with smtpd_tls_mandatory_protocols
-(default: SSLv3, TLSv1)
+(default: !SSLv2)

The SSL/TLS protocols accepted by the Postfix SMTP server with mandatory TLS encryption. If the list is empty, the server supports all @@ -14920,12 +14931,19 @@ of protocol names separated by whitespace, commas or colons. The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case sensitive.

+

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". If an older Postfix version is linked against OpenSSL +1.0.1 or later, these, or any other new protocol versions, are +unconditionally enabled.

+

With Postfix ≥ 2.5 the parameter syntax is expanded to support protocol exclusions. One can now explicitly exclude SSLv2 by setting "smtpd_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and SSLv3 set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing -the protocols to include, rather than protocols to exclude, is still -supported, use the form you find more intuitive.

+the protocols to include, rather than protocols to exclude, is +supported, but not recommended. The exclusion form more closely +matches the behaviour when the OpenSSL library is newer than Postfix. +

Since SSL version 2 has known protocol weaknesses and is now deprecated, the default setting excludes "SSLv2". This means that @@ -14959,14 +14977,18 @@ names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and "TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute values are separated by a colon.

+

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". If an older Postfix version is linked against OpenSSL +1.0.1 or later, these, or any other new protocol versions, are +unconditionally enabled.

+

To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 even for opportunistic TLS set "smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set "smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to -include, is supported, but not recommended. OpenSSL provides no mechanisms -for excluding protocols not known at compile-time. If Postfix is linked -against an OpenSSL library that supports additional protocol versions, -they cannot be excluded using either syntax.

+include, rather than protocols to exclude, is supported, but not +recommended. The exclusion form more closely matches the behaviour +when the OpenSSL library is newer than Postfix.

Example:

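Review bot: the 20120422 HISTORY entry's "Files:" list omits global/mail_params.h, and the entry does not mention that the defaults for smtp_tls_mandatory_protocols, lmtp_tls_mandatory_protocols and smtpd_tls_mandatory_protocols change from "SSLv3, TLSv1" to "!SSLv2" (the mail_params.h hunk later in this same commit). A default change is user-visible and belongs in the changelog; suggest adding global/mail_params.h to the file list and stating the new default, e.g. "The default for the *_tls_mandatory_protocols parameters is now !SSLv2."

Review bot: in the README_FILES/TLS_README hunk at @@ -504,7 +510,7 @@, relabelling the comment from "Also available" to "Preferred interface" still presents the two settings as interchangeable, but they stop being equivalent once TLSv1.1 and TLSv1.2 are part of TLS_KNOWN_PROTOCOLS: an inclusive "smtpd_tls_mandatory_protocols = TLSv1" has to exclude every other known protocol (the postconf text in this commit says as much), so on OpenSSL 1.0.1 it turns off TLSv1.1 and TLSv1.2, while "!SSLv2, !SSLv3" leaves them on. Suggest dropping the inclusive line from the example, or at least rewording the heading so it no longer says the MSA "requires TLSv1".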
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 7c7daaff5..6d3a60ea6 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -2639,7 +2639,7 @@ The LMTP-specific version of the smtp_tls_mandatory_exclude_ciphers
 configuration parameter.  See there for details.
 .PP
 This feature is available in Postfix 2.3 and later.
-.SH lmtp_tls_mandatory_protocols (default: SSLv3, TLSv1)
+.SH lmtp_tls_mandatory_protocols (default: !SSLv2)
 The LMTP-specific version of the smtp_tls_mandatory_protocols
 configuration parameter. See there for details.
 .PP
@@ -6659,7 +6659,7 @@ specified on a per-destination basis via the TLS policy "exclude"
 attribute. See smtp_tls_policy_maps for notes and examples.
 .PP
 This feature is available in Postfix 2.3 and later.
-.SH smtp_tls_mandatory_protocols (default: SSLv3, TLSv1)
+.SH smtp_tls_mandatory_protocols (default: !SSLv2)
 List of SSL/TLS protocols that the Postfix SMTP client will use with
 mandatory TLS encryption.  In main.cf the values are separated by
 whitespace, commas or colons. In the policy table "protocols" attribute
@@ -6667,12 +6667,18 @@ whitespace, commas or colons. In the policy table "protocols" attribute
 empty value means allow all protocols. The valid protocol names, (see
 \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3" and "TLSv1".
 .PP
+Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
+and "TLSv1.2". If an older Postfix version is linked against OpenSSL
+1.0.1 or later, these, or any other new protocol versions, are
+unconditionally enabled.
+.PP
 With Postfix >= 2.5 the parameter syntax is expanded to support
 protocol exclusions. One can now explicitly exclude SSLv2 by setting
 "smtp_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and
 SSLv3 set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
-the protocols to include, rather than protocols to exclude, is still
-supported; use the form you find more intuitive.
+the protocols to include, rather than protocols to exclude, is
+supported, but not recommended. The exclusion form more closely
+matches the behaviour when the OpenSSL library is newer than Postfix.
 .PP
 Since SSL version 2 has known protocol weaknesses and is now
 deprecated, the default setting excludes "SSLv2".  This means that by
@@ -6923,14 +6929,18 @@ separator is colon. An empty value means allow all protocols. The valid
 protocol names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3"
 and "TLSv1".
 .PP
+Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
+and "TLSv1.2". If an older Postfix version is linked against OpenSSL
+1.0.1 or later, these, or any other new protocol versions, are
+unconditionally enabled.
+.PP
 To include a protocol list its name, to exclude it, prefix the name
 with a "!" character. To exclude SSLv2 even for opportunistic TLS set
 "smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
 "smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
-include, is supported, but not recommended. OpenSSL provides no mechanisms
-for excluding protocols not known at compile-time. If Postfix is linked
-against an OpenSSL library that supports additional protocol versions,
-they cannot be excluded using either syntax.
+include, rather than protocols to exclude, is supported, but not
+recommended.  The exclusion form more closely matches the behaviour
+when the OpenSSL library is newer than Postfix.
 .PP
 Example:
 .nf
@@ -9615,7 +9625,7 @@ works in addition to the exclusions listed with smtpd_tls_exclude_ciphers
 (see there for syntax details).
 .PP
 This feature is available in Postfix 2.3 and later.
-.SH smtpd_tls_mandatory_protocols (default: SSLv3, TLSv1)
+.SH smtpd_tls_mandatory_protocols (default: !SSLv2)
 The SSL/TLS protocols accepted by the Postfix SMTP server with
 mandatory TLS encryption. If the list is empty, the server supports all
 available SSL/TLS protocol versions.  A non-empty value is a list
@@ -9623,12 +9633,18 @@ of protocol
 names separated by whitespace, commas or colons. The supported protocol
 names are "SSLv2", "SSLv3" and "TLSv1", and are not case sensitive.
 .PP
+Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
+and "TLSv1.2". If an older Postfix version is linked against OpenSSL
+1.0.1 or later, these, or any other new protocol versions, are
+unconditionally enabled.
+.PP
 With Postfix >= 2.5 the parameter syntax is expanded to support
 protocol exclusions. One can now explicitly exclude SSLv2 by setting
 "smtpd_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and
 SSLv3 set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing
-the protocols to include, rather than protocols to exclude, is still
-supported, use the form you find more intuitive.
+the protocols to include, rather than protocols to exclude, is
+supported, but not recommended. The exclusion form more closely
+matches the behaviour when the OpenSSL library is newer than Postfix.
 .PP
 Since SSL version 2 has known protocol weaknesses and is now
 deprecated, the default setting excludes "SSLv2".  This means that
@@ -9660,14 +9676,18 @@ names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3" and
 "TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute
 values are separated by a colon.
 .PP
+Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
+and "TLSv1.2". If an older Postfix version is linked against OpenSSL
+1.0.1 or later, these, or any other new protocol versions, are
+unconditionally enabled.
+.PP
 To include a protocol list its name, to exclude it, prefix the name
 with a "!" character. To exclude SSLv2 even for opportunistic TLS set
 "smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
 "smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
-include, is supported, but not recommended. OpenSSL provides no mechanisms
-for excluding protocols not known at compile-time. If Postfix is linked
-against an OpenSSL library that supports additional protocol versions,
-they cannot be excluded using either syntax.
+include, rather than protocols to exclude, is supported, but not
+recommended.  The exclusion form more closely matches the behaviour
+when the OpenSSL library is newer than Postfix.
 .PP
 Example:
 .nf
diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html
index b2500d351..5f872d41d 100644
--- a/postfix/proto/TLS_README.html
+++ b/postfix/proto/TLS_README.html
@@ -704,12 +704,18 @@ Postfix < 2.6, the minimum opportunistic TLS cipher grade is always
 "export". 

With mandatory TLS encryption, the Postfix SMTP server will by -default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption +default disable SSLv2. SSLv2 is used only when TLS encryption is optional. The mandatory TLS protocol list is specified via the smtpd_tls_mandatory_protocols configuration parameter. The corresponding smtpd_tls_protocols parameter (Postfix ≥ 2.6) controls the SSL/TLS protocols used with opportunistic TLS.

+

Note that the OpenSSL library only supports protocol exclusion +(not inclusion). For this reason, Postfix can exclude only protocols +that are known at the time the Postfix software is written. If new +protocols are added to the OpenSSL library, they cannot be excluded +without corresponding changes to the Postfix source code.

+

For a server that is not a public Internet MX host, Postfix supports configurations with no server certificates that use only the anonymous ciphers. This is @@ -728,7 +734,7 @@ ciphers:

smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 smtpd_tls_security_level = encrypt smtpd_tls_mandatory_protocols = TLSv1 - # Also available with Postfix ≥ 2.5: + # Preferred interface with Postfix ≥ 2.5: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
@@ -773,8 +779,8 @@ secure for most situations.

Postfix 2.8 and later, in combination with OpenSSL 0.9.7 and later allows TLS servers to preempt the TLS client's cipher preference list. -This is only possible with SSLv3, as in SSLv2 the client chooses the -cipher from a list supplied by the server.

+This is possible only with SSLv3 and later, as in SSLv2 the client +chooses the cipher from a list supplied by the server.

By default, the OpenSSL server selects the client's most preferred cipher that the server supports. With SSLv3 and later, the server @@ -1010,9 +1016,9 @@ table, specify the "encrypt" security level.

Examples:

In the example below, traffic to example.com and its sub-domains -via the corresponding MX hosts always uses TLS. The protocol version will be -"SSLv3" or "TLSv1" (the default setting of smtp_tls_mandatory_protocols -excludes "SSLv2"). Only high or medium strength (i.e. 128 bit or +via the corresponding MX hosts always uses TLS. The SSLv2 protocol +will be disabled (the default setting of smtp_tls_mandatory_protocols +excludes "SSLv2"). Only high- or medium-strength (i.e. 128 bit or better) ciphers will be used by default for all "encrypt" security level sessions.

@@ -1883,7 +1889,7 @@ Postfix < 2.6, the minimum opportunistic TLS cipher grade is always "export".

With mandatory TLS encryption, the Postfix SMTP client will by -default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption +default disable SSLv2. SSLv2 is used only when TLS encryption is optional. The mandatory TLS protocol list is specified via the smtp_tls_mandatory_protocols configuration parameter. The corresponding smtp_tls_protocols parameter (Postfix ≥ 2.6) controls diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 6e54e3a59..df7dfc72f 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -10476,7 +10476,7 @@ configurations in environments where DNS security is not assured.

This feature is available in Postfix 2.3 and later.

-%PARAM smtp_tls_mandatory_protocols SSLv3, TLSv1 +%PARAM smtp_tls_mandatory_protocols !SSLv2

List of SSL/TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. In main.cf the values are separated by @@ -10485,12 +10485,19 @@ whitespace, commas or colons. In the policy table "protocols" attribute empty value means allow all protocols. The valid protocol names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and "TLSv1".

+

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". If an older Postfix version is linked against OpenSSL +1.0.1 or later, these, or any other new protocol versions, are +unconditionally enabled.

+

With Postfix ≥ 2.5 the parameter syntax is expanded to support protocol exclusions. One can now explicitly exclude SSLv2 by setting "smtp_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and SSLv3 set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing -the protocols to include, rather than protocols to exclude, is still -supported; use the form you find more intuitive.

+the protocols to include, rather than protocols to exclude, is +supported, but not recommended. The exclusion form more closely +matches the behaviour when the OpenSSL library is newer than Postfix. +

Since SSL version 2 has known protocol weaknesses and is now deprecated, the default setting excludes "SSLv2". This means that by @@ -10635,7 +10642,7 @@ configuration parameter. See there for details.

This feature is available in Postfix 2.3 and later.

-%PARAM lmtp_tls_mandatory_protocols SSLv3, TLSv1 +%PARAM lmtp_tls_mandatory_protocols !SSLv2

The LMTP-specific version of the smtp_tls_mandatory_protocols configuration parameter. See there for details.

@@ -10656,7 +10663,7 @@ configuration parameter. See there for details.

This feature is available in Postfix 2.3 and later.

-%PARAM smtpd_tls_mandatory_protocols SSLv3, TLSv1 +%PARAM smtpd_tls_mandatory_protocols !SSLv2

The SSL/TLS protocols accepted by the Postfix SMTP server with mandatory TLS encryption. If the list is empty, the server supports all @@ -10665,12 +10672,19 @@ of protocol names separated by whitespace, commas or colons. The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case sensitive.

+

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". If an older Postfix version is linked against OpenSSL +1.0.1 or later, these, or any other new protocol versions, are +unconditionally enabled.

+

With Postfix ≥ 2.5 the parameter syntax is expanded to support protocol exclusions. One can now explicitly exclude SSLv2 by setting "smtpd_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and SSLv3 set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing -the protocols to include, rather than protocols to exclude, is still -supported, use the form you find more intuitive.

+the protocols to include, rather than protocols to exclude, is +supported, but not recommended. The exclusion form more closely +matches the behaviour when the OpenSSL library is newer than Postfix. +

Since SSL version 2 has known protocol weaknesses and is now deprecated, the default setting excludes "SSLv2". This means that @@ -11697,14 +11711,18 @@ separator is colon. An empty value means allow all protocols. The valid protocol names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and "TLSv1".

+

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". If an older Postfix version is linked against OpenSSL +1.0.1 or later, these, or any other new protocol versions, are +unconditionally enabled.

+

To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 even for opportunistic TLS set "smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set "smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to -include, is supported, but not recommended. OpenSSL provides no mechanisms -for excluding protocols not known at compile-time. If Postfix is linked -against an OpenSSL library that supports additional protocol versions, -they cannot be excluded using either syntax.

+include, rather than protocols to exclude, is supported, but not +recommended. The exclusion form more closely matches the behaviour +when the OpenSSL library is newer than Postfix.

Example:

@@ -11727,14 +11745,18 @@ names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and
 "TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute
 values are separated by a colon. 

+

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". If an older Postfix version is linked against OpenSSL +1.0.1 or later, these, or any other new protocol versions, are +unconditionally enabled.

+

To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 even for opportunistic TLS set "smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set "smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to -include, is supported, but not recommended. OpenSSL provides no mechanisms -for excluding protocols not known at compile-time. If Postfix is linked -against an OpenSSL library that supports additional protocol versions, -they cannot be excluded using either syntax.

+include, rather than protocols to exclude, is supported, but not +recommended. The exclusion form more closely matches the behaviour +when the OpenSSL library is newer than Postfix.

Example:

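Review bot: the unchanged context in this postconf.proto hunk still states that the valid protocol names are "SSLv2", "SSLv3" and "TLSv1", while tls_misc.c in this commit adds SSL_TXT_TLSV1_1 and SSL_TXT_TLSV1_2 to protocol_table, so "TLSv1.1" and "TLSv1.2" are now accepted names when Postfix is built against OpenSSL 1.0.1 or later. The added "Note:" paragraph only describes what an older Postfix does; suggest extending it, e.g. "With Postfix 2.10 and later built against OpenSSL 1.0.1 or later, "TLSv1.1" and "TLSv1.2" are also valid names and can be excluded with "!TLSv1.1" and "!TLSv1.2"." The same sentence is needed in the other three protocol parameter descriptions in this file (postconf.5 and postconf.5.html are generated from it).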
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index d1ddd919d..ae960984b 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -1257,7 +1257,7 @@ extern char *var_smtpd_tls_CApath;
 extern char *var_smtpd_tls_proto;
 
 #define VAR_SMTPD_TLS_MAND_PROTO	"smtpd_tls_mandatory_protocols"
-#define DEF_SMTPD_TLS_MAND_PROTO	"SSLv3, TLSv1"
+#define DEF_SMTPD_TLS_MAND_PROTO	"!SSLv2"
 extern char *var_smtpd_tls_mand_proto;
 
 #define VAR_SMTPD_TLS_CIPH	"smtpd_tls_ciphers"
@@ -1470,9 +1470,9 @@ extern char *var_smtp_tls_policy;
 extern char *var_smtp_tls_proto;
 
 #define VAR_SMTP_TLS_MAND_PROTO	"smtp_tls_mandatory_protocols"
-#define DEF_SMTP_TLS_MAND_PROTO	"SSLv3, TLSv1"
+#define DEF_SMTP_TLS_MAND_PROTO	"!SSLv2"
 #define VAR_LMTP_TLS_MAND_PROTO	"lmtp_tls_mandatory_protocols"
-#define DEF_LMTP_TLS_MAND_PROTO	"SSLv3, TLSv1"
+#define DEF_LMTP_TLS_MAND_PROTO	"!SSLv2"
 extern char *var_smtp_tls_mand_proto;
 
 #define VAR_SMTP_TLS_VFY_CMATCH	"smtp_tls_verify_cert_match"
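Review bot: changing DEF_SMTPD_TLS_MAND_PROTO, DEF_SMTP_TLS_MAND_PROTO and DEF_LMTP_TLS_MAND_PROTO from the inclusive "SSLv3, TLSv1" to "!SSLv2" is the right fix for the expanded TLS_KNOWN_PROTOCOLS, but the same problem remains for sites that copied the old default literally into main.cf: with TLSv1.1 and TLSv1.2 now counted as known protocols, an explicit "SSLv3, TLSv1" excludes both of them on OpenSSL 1.0.1 (an inclusion list works by excluding every other known protocol, as the postconf text in this commit explains). Suggest a RELEASE_NOTES item telling such sites to switch to "!SSLv2", or a one-time warning when an inclusive list is parsed.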
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index c5a2f3f94..3041dc9fd 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20120407"
+#define MAIL_RELEASE_DATE	"20120422"
 #define MAIL_VERSION_NUMBER	"2.10"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h
index da52fd8f3..e121c94dd 100644
--- a/postfix/src/tls/tls.h
+++ b/postfix/src/tls/tls.h
@@ -173,8 +173,19 @@ extern void tls_param_init(void);
 #define TLS_PROTOCOL_SSLv2	(1<<0)	/* SSLv2 */
 #define TLS_PROTOCOL_SSLv3	(1<<1)	/* SSLv3 */
 #define TLS_PROTOCOL_TLSv1	(1<<2)	/* TLSv1 */
+#ifdef SSL_TXT_TLSV1_1
+#define TLS_PROTOCOL_TLSv1_1	(1<<3)	/* TLSv1_1 */
+#else
+#define TLS_PROTOCOL_TLSv1_1	0	/* Unknown */
+#endif
+#ifdef SSL_TXT_TLSV1_2
+#define TLS_PROTOCOL_TLSv1_2	(1<<4)	/* TLSv1_2 */
+#else
+#define TLS_PROTOCOL_TLSv1_2	0	/* Unknown */
+#endif
 #define TLS_KNOWN_PROTOCOLS	\
-	( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 )
+	( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \
+	   | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 )
 
 extern int tls_protocol_mask(const char *);
 
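Review bot: the new TLS_PROTOCOL_TLSv1_1 and TLS_PROTOCOL_TLSv1_2 bits are gated on SSL_TXT_TLSV1_1 / SSL_TXT_TLSV1_2, while tls_client.c and tls_server.c gate the matching SSL_OP_NO_* terms on SSL_OP_NO_TLSv1_1 / SSL_OP_NO_TLSv1_2. Should an OpenSSL header ever define one macro without the other, "!TLSv1.1" would parse to a non-zero mask bit that is then silently never applied. Suggest using the same guard in all three files, preferably the SSL_OP_NO_* one since that is the macro the exclusion actually depends on, e.g. "#ifdef SSL_OP_NO_TLSv1_1". Minor: the trailing comments read "TLSv1_1" and "TLSv1_2", but the protocol names are "TLSv1.1" and "TLSv1.2".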
diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c
index 37ee27a50..b75bca5b5 100644
--- a/postfix/src/tls/tls_client.c
+++ b/postfix/src/tls/tls_client.c
@@ -859,6 +859,12 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
     if (protomask != 0)
 	SSL_set_options(TLScontext->con,
 		   ((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L)
+#ifdef SSL_OP_NO_TLSv1_1
+	     | ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L)
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+	     | ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L)
+#endif
 		 | ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L)
 	       | ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L));
 
diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c
index 33dbdf3f5..8c5d0f1c3 100644
--- a/postfix/src/tls/tls_misc.c
+++ b/postfix/src/tls/tls_misc.c
@@ -224,6 +224,12 @@ static const NAME_CODE protocol_table[] = {
     SSL_TXT_SSLV2, TLS_PROTOCOL_SSLv2,
     SSL_TXT_SSLV3, TLS_PROTOCOL_SSLv3,
     SSL_TXT_TLSV1, TLS_PROTOCOL_TLSv1,
+#ifdef SSL_TXT_TLSV1_1
+    SSL_TXT_TLSV1_1, TLS_PROTOCOL_TLSv1_1,
+#endif
+#ifdef SSL_TXT_TLSV1_2
+    SSL_TXT_TLSV1_2, TLS_PROTOCOL_TLSv1_2,
+#endif
     0, TLS_PROTOCOL_INVALID,
 };
 
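Review bot: because the new protocol_table entries are compiled in only when SSL_TXT_TLSV1_1 / SSL_TXT_TLSV1_2 exist, a main.cf containing "!TLSv1.1" becomes a configuration error on a host built against OpenSSL older than 1.0.1 (the lookup falls through to the TLS_PROTOCOL_INVALID terminator), so one configuration cannot be shared across hosts with different OpenSSL versions. tls.h already defines TLS_PROTOCOL_TLSv1_1 and TLS_PROTOCOL_TLSv1_2 as 0 ("Unknown") for exactly that case, so consider adding the entries unconditionally with literal names, e.g. "TLSv1.1", TLS_PROTOCOL_TLSv1_1, which makes excluding a protocol the library cannot speak a harmless no-op, provided tls_protocol_mask() treats a 0 code as valid rather than as a failed lookup.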
diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c
index ffc0ffad9..245722216 100644
--- a/postfix/src/tls/tls_server.c
+++ b/postfix/src/tls/tls_server.c
@@ -403,6 +403,12 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
     if (protomask != 0)
 	SSL_CTX_set_options(server_ctx,
 		   ((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L)
+#ifdef SSL_OP_NO_TLSv1_1
+	     | ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L)
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+	     | ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L)
+#endif
 		 | ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L)
 	       | ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L));
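Review bot: this protomask-to-SSL_OP_NO_* expression is now an exact copy of the one in tls_client.c, including the two #ifdef blocks, so every future protocol version has to be added in tls.h, tls_misc.c and two more places that can drift apart. Suggest moving the expression into one helper in tls_misc.c next to protocol_table (a function that returns the long option mask for a given protomask) and calling it from both SSL_CTX_set_options() here and SSL_set_options() in the client.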