From d26af22932b1c868512dcb39644bdb577adb160b Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sun, 26 Oct 2014 13:36:16 -0200 Subject: Disabling tls compression --- manifests/tls/hardened.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'manifests/tls') diff --git a/manifests/tls/hardened.pp b/manifests/tls/hardened.pp index 78d8093..735135c 100644 --- a/manifests/tls/hardened.pp +++ b/manifests/tls/hardened.pp @@ -9,6 +9,7 @@ class mail::tls::hardened inherits mail::tls { postfix::config { "smtpd_tls_mandatory_protocols": value => '!SSLv2, !SSLv3' } postfix::config { "smtpd_tls_session_cache_database": value => 'btree:${data_directory}/smtpd_scache' } postfix::config { "smtp_tls_session_cache_database": value => 'btree:${data_directory}/smtp_scache' } + postfix::config { "tls_ssl_options": value => 'no_compression' } postfix::config { "smtpd_tls_loglevel": value => '1' } # DH parameters -- cgit v1.2.3