From: Ivan Rako <irako@nekkar.carnet.hr>
Date: Mon, 21 Dec 2009 12:15:23 +0000 (+0100)
Subject: postavlja neke tls parametre
X-Git-Tag: debian/2.7.1-1~11
X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=postfix-cn.git;a=commitdiff_plain;h=ec953e860d0905cf3827b085a1b4f593d75128cf

postavlja neke tls parametre
---

diff --git a/debian/changelog b/debian/changelog
index 6580f6b..ef7fc49 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+postfix-cn (2.5.5-3lenny2) stable; urgency=medium
+
+  * Postavlja parametre:
+    - smtpd_tls_mandatory_protocols = SSLv3, TLSv1
+    - smtpd_tls_mandatory_ciphers = medium, high
+    - smtpd_tls_exclude_ciphers = aNULL
+    - smtpd_tls_mandatory_exclude_ciphers = aNULL
+
+ -- Ivan Rako <Ivan.Rako@CARNet.hr>  Mon, 21 Dec 2009 13:14:06 +0100
+
 postfix-cn (2.5.5-3lenny1) stable; urgency=medium
 
   * Prva verzija za lenny
diff --git a/debian/postinst b/debian/postinst
index 868dad4..80c04dc 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -288,6 +288,10 @@ postconf -e smtpd_tls_key_file="\$smtpd_tls_cert_file"
 postconf -e smtpd_tls_session_cache_database="sdbm:/var/lib/postfix/smtpd_scache"
 postconf -e smtpd_tls_session_cache_timeout="3600s"
 postconf -e tls_random_source="dev:/dev/urandom"
+postconf -e smtpd_tls_mandatory_protocols="SSLv3, TLSv1"
+postconf -e smtpd_tls_mandatory_ciphers="medium, high"
+postconf -e smtpd_tls_exclude_ciphers="aNULL"
+postconf -e smtpd_tls_mandatory_exclude_ciphers="aNULL"
 # ako je postavljen neki drugi certifikat, ne diraj
 smtp_tls_cert_file="`postconf -h smtp_tls_cert_file`"
 if [ -z "$smtp_tls_cert_file" ]; then