80695d3aeb
20150501 Support for Linux 4.*, and some simplification for future makedefs files. Files: makedefs, util/sys_defs.h. 20150718 Security: opportunistic TLS by default uses "medium" or stronger ciphers instead of "export" or stronger. See the RELEASE_NOTES file for how to get the old settings back. Files: global/mail_params.h, proto/TLS_README.html, proto/postconf.proto, and files derived from those. 20150719 Security: Postfix TLS support by default no longer uses SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get the old settings back. Files: global/mail_params.h, proto/postconf.proto, and files derived from those. Incompatible change with Postfix 2.11.6 / 3.0.2 ------------------------------------------------- As of the middle of 2015, all supported Postfix releases no longer enable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or opportunistic TLS. These changes are very unlikely to cause problems with server-to-server communication over the Internet, but they may result in interoperability problems with ancient client or server implementations on internal networks. To address this problem, you can revert the changes with: Postfix SMTP client settings: lmtp_tls_ciphers = export smtp_tls_ciphers = export lmtp_tls_protocols = !SSLv2 smtp_tls_protocols = !SSLv2 lmtp_tls_mandatory_protocols = !SSLv2 smtp_tls_mandatory_protocols = !SSLv2 Postfix SMTP server settings: smtpd_tls_ciphers = export smtpd_tls_protocols = smtpd_tls_mandatory_protocols = !SSLv2 These settings, if put in main.cf, affect all Postfix SMTP client or server communication, which may be undesirable. To be more selective, use "-o name=value" parameter overrides on specific services in master.cf. Execute the command "postfix reload" to make the changes effective. |
||
---|---|---|
.. | ||
files | ||
distinfo | ||
Makefile | ||
pkg-descr | ||
pkg-plist |