Postfix-Tls: disabling SSLv2.0
In order to comply with SOX, Securitymetrics has been scanning our machines & gave us this message when scanning our mail server:
Synopsis : The remote service encrypts traffic using a protocol with known weaknesses.
Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.
This is a debian box, running sarge (3.1r4), Postfix-TLS 2.1.5-9. We are running SSLv3.0 & TLSv1.0.
So my question is, how do I disable the use of SSLv2.0 with postfix-tls?