authorSilvio Rhatto <rhatto@riseup.net>2014-10-20 13:33:55 -0200
committerSilvio Rhatto <rhatto@riseup.net>2014-10-20 13:33:55 -0200
commitccdbd41de5b996c8cbd2476bfc7054affb1d0625 (patch)
tree10b73b23f5d851a9dbef6e711b31018ecbe09206 /manifests
parent93d8a56788fc5387ad7e76899f7d293e073e45b7 (diff)
Disabling SSLv3 in postfix
Diffstat (limited to 'manifests')
-rw-r--r--manifests/tls/hardened.pp6
1 files changed, 4 insertions, 2 deletions
diff --git a/manifests/tls/hardened.pp b/manifests/tls/hardened.pp
index 67f68da..63306f5 100644
--- a/manifests/tls/hardened.pp
+++ b/manifests/tls/hardened.pp
@@ -1,10 +1,12 @@
class mail::tls::hardened inherits mail::tls {
# Hardened config
postfix::config { "smtpd_tls_ciphers": value => 'high' }
- postfix::config { "smtp_tls_protocols": value => '!SSLv2, SSLv3, TLSv1' }
+ postfix::config { "smtp_tls_protocols": value => '!SSLv2, !SSLv3' }
+ postfix::config { "smtp_tls_mandatory_protocols" value => '!SSLv2, !SSLv3' }
postfix::config { "smtp_tls_note_starttls_offer": value => 'yes' }
postfix::config { "smtpd_tls_received_header": value => 'yes' }
- postfix::config { "smtpd_tls_mandatory_protocols": value => 'TLSv1' }
+ postfix::config { "smtpd_tls_protocols": value => '!SSLv2, !SSLv3' }
+ postfix::config { "smtpd_tls_mandatory_protocols": value => '!SSLv2, !SSLv3' }
postfix::config { "smtpd_tls_session_cache_database": value => 'btree:${data_directory}/smtpd_scache' }
postfix::config { "smtp_tls_session_cache_database": value => 'btree:${data_directory}/smtp_scache' }