Disabling TLS 1.0 and 1.1 in Postfix

Postfix supports TLS 1.2 as of version 2.6 and TLS 1.3 as of version 3.4. You can check which version you are running with the command:

postconf -d | grep mail_version

If your installation is recent enough, you can set a minimum requirement of TLS 1.2 as follows:

Step 1

Open the Postfix configuration file. In nearly all cases this will be:

vi /etc/postfix/main.cf

Step 2

Add the lines below to the bottom of the opened file:

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

Save the changes and close the file (Escape, then :wq!). Finally, restart the Postfix service.
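
To confirm that the four settings from Step 2 are the ones in effect, the following added example (not part of the original guide) audits "name = value" configuration lines. The function name check_tls_protocols is hypothetical, the sample input is constructed, and only the "!protocol" exclusion form used above is recognised.

```sh
#!/bin/sh
# Added example (not from the original guide).
# check_tls_protocols (hypothetical name) reads "name = value" lines on stdin,
# e.g. main.cf contents or `postconf -n` output, and verifies the four
# parameters from Step 2. Assumption: only the "!protocol" exclusion form
# used in this guide is recognised; continuation lines are not joined.
# Returns 0 if all four exclude TLSv1 and TLSv1.1, otherwise 1.
check_tls_protocols() {
    awk -F= '
    BEGIN {
        n = split("smtpd_tls_mandatory_protocols smtpd_tls_protocols smtp_tls_mandatory_protocols smtp_tls_protocols", want, " ")
    }
    /^[ \t]*#/ { next }                   # skip comment lines
    NF >= 2 {
        name = $1
        gsub(/[ \t]/, "", name)
        # Postfix keeps only the last definition of a parameter
        seen[name] = substr($0, index($0, "=") + 1)
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            p = want[i]
            if (!(p in seen)) { print p ": not set"; bad = 1; continue }
            v = seen[p]
            gsub(/[ \t,]+/, ",", v)       # normalise separators
            v = "," v ","                 # so tokens match exactly
            if (index(v, ",!TLSv1,") == 0)   { print p ": TLSv1 not excluded"; bad = 1 }
            if (index(v, ",!TLSv1.1,") == 0) { print p ": TLSv1.1 not excluded"; bad = 1 }
        }
        exit bad
    }'
}

# Constructed sample: an older, weaker line near the top of the file and the
# Step 2 lines appended at the bottom. The later definition is the one checked.
SAMPLE_CONF='# constructed sample configuration
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1'

printf '%s\n' "$SAMPLE_CONF" | check_tls_protocols && echo "TLS 1.0 and 1.1 are disabled"
```

On a live server, pipe the active non-default settings into the function with: postconf -n | check_tls_protocols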