Summary
Disable TLSv1.0 and TLSv1.1 in IMSVA
Details
To disable TLSv1.0 and TLSv1.1 please follow these steps:
1. Make sure you have installed IMSVA Patch 3 build 1960 or a higher version.
2. Create a backup of the main.cf located in the /opt/trend/imss/postfix/etc/postfix/ folder.
3. Edit the main.cf file by appending !TLSv1, !TLSv1.1 at the end of the following parameters:
smtpd_tls_protocols
smtp_tls_protocols
smtpd_tls_mandatory_protocols
smtp_tls_mandatory_protocols
Example on how it will look like:
...
#smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
#smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
...
#smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
#smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
...
4. Reload the postfix configuration by running:
postfix reload
5. Check whether the change took effect by running the following commands:
postconf | grep smtpd_tls_
postconf | grep smtp_tls_
1. Make sure you have installed IMSVA Patch 3 build 1960 or a higher version.
2. Create a backup of the main.cf located in the /opt/trend/imss/postfix/etc/postfix/ folder.
3. Edit the main.cf file by appending !TLSv1, !TLSv1.1 at the end of the following parameters:
smtpd_tls_protocols
smtp_tls_protocols
smtpd_tls_mandatory_protocols
smtp_tls_mandatory_protocols
Example on how it will look like:
...
#smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
#smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
...
#smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
#smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
...
4. Reload the postfix configuration by running:
postfix reload
5. Check whether the change took effect by running the following commands:
postconf | grep smtpd_tls_
postconf | grep smtp_tls_