DevHeads.net

Postings by L. Jankok

Disable TLS client-initiated renegotiation with postfix

In my main.cf I have"tls_ssl_options=NO_RENEGOTIATION" but when I use the
mailserver verification option from <a href="https://internet.nl" title="https://internet.nl">https://internet.nl</a> I get the report
that TLS client-initiated renegotiation is not disabled and that therefore
my postfix setup is prone to a DOS attack by means of CPU resource
starvation.

1. Is this a false positive?
2. If it is indeed an issue, how to disable TLSA client-initiated
renegotiation with postfix?

Cheers