How to disable client-initiated renegotiation in Postfix?

ComputerBas

5/25/23, 3:18 AM

293

0 + 0

security

linux

ssl

postfix

Score:3

Server

ComputerBas

5/25/23, 3:18 AM

In console:

nano etc/postfix/main.cf

Find & edit - or add this line:

tls_ssl_options = NO_RENEGOTIATION

The value of the tls_ssl_options configuration parameter is a white-space or comma separated list of named options, with an alternate syntax provided for (only in exceptional circumstances recommendable) directly specifying OpenSSL-supported options not (yet) named at Postfix compile time.

0 + 0

Alejandro T

10/1/23, 6:28 PM

Do you know how to do it in postfix 2.10 ?

anx

10/1/23, 6:49 PM

Because TLS 1.3 forbids renegotiation, this is only needed when allowing legacy TLS (1.2 or prior) in the first place.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to disable client-initiated renegotiation in Postfix?

TH: จะปิดการใช้งานการเจรจาใหม่ที่เริ่มต้นโดยไคลเอนต์ใน Postfix ได้อย่างไร

RO: Cum se dezactivează renegocierea inițiată de client în Postfix?

RU: Как отключить инициированное клиентом повторное согласование в Postfix?

VI: Làm cách nào để tắt đàm phán lại do khách hàng khởi tạo trong Postfix?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.