Hi,
I am attempting to restrict the TLS protocol version used by my SMTP AUTH’d clients on the submission service.
In master.cf I have added the following to the submission service:
    -o smtpd_tls_ciphers=high
    -o smtpd_tls_exclude_ciphers=EXPORT,MEDIUM
    -o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,TLSv1.2
…however, when I test via the OpenSSL client:
    openssl s_client -connect example.com:587 -starttls smtp -tls1
…it connects and negotiates TLS 1.0. It will also negotiate TLS 1.1 and TLS 1.2 on successive tests.
What am I doing wrong?
Thanks,
- J
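
A lint for the submission overrides above, added here as an example and not part of the original post: Postfix applies smtpd_tls_protocols and smtpd_tls_ciphers only with opportunistic TLS, and a service running with mandatory TLS reads smtpd_tls_mandatory_protocols and smtpd_tls_mandatory_ciphers instead. Assumptions: the sample master.cf is constructed, smtpd_tls_security_level=encrypt is assumed (as in the stock submission entry) because the post does not show it, and the helper names are hypothetical.

```python
import re

# Postfix reads these only for opportunistic TLS (security level "may");
# a service at level "encrypt" reads the mandatory counterpart instead.
MANDATORY_TWIN = {
    "smtpd_tls_protocols": "smtpd_tls_mandatory_protocols",
    "smtpd_tls_ciphers": "smtpd_tls_mandatory_ciphers",
}

# Constructed sample: the three overrides from the post, plus an assumed
# smtpd_tls_security_level=encrypt as in the stock submission entry.
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_ciphers=high
  -o smtpd_tls_exclude_ciphers=EXPORT,MEDIUM
  -o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,TLSv1.2
"""

def service_overrides(master_cf, service):
    """Return the -o name=value overrides of one master.cf service entry.

    Handles the plain "-o name=value" form only, not "-o { name = value }".
    """
    overrides, in_service = {}, False
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # unindented line starts a new service entry
            in_service = line.split()[0] == service
        if in_service:
            overrides.update(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return overrides

def ineffective_tls_overrides(overrides):
    """List (set_param, needed_param) pairs that mandatory TLS will not read."""
    if overrides.get("smtpd_tls_security_level") != "encrypt":
        return []
    return [(name, twin) for name, twin in MANDATORY_TWIN.items()
            if name in overrides and twin not in overrides]

if __name__ == "__main__":
    found = service_overrides(SAMPLE_MASTER_CF, "submission")
    for name, twin in ineffective_tls_overrides(found):
        print(f"{name} is set, but with mandatory TLS Postfix reads {twin}")
```

The lint only sees overrides in master.cf; a security level set in main.cf has to be passed in as part of the overrides dictionary.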