class mail::tls::hardened inherits mail::tls {
# Hardened config
postfix::config { "smtpd_tls_ciphers": value => 'high' }
- postfix::config { "smtp_tls_protocols": value => '!SSLv2, SSLv3, TLSv1' }
+ postfix::config { "smtp_tls_protocols": value => '!SSLv2, !SSLv3' }
+ postfix::config { "smtp_tls_mandatory_protocols" value => '!SSLv2, !SSLv3' }
postfix::config { "smtp_tls_note_starttls_offer": value => 'yes' }
postfix::config { "smtpd_tls_received_header": value => 'yes' }
- postfix::config { "smtpd_tls_mandatory_protocols": value => 'TLSv1' }
+ postfix::config { "smtpd_tls_protocols": value => '!SSLv2, !SSLv3' }
+ postfix::config { "smtpd_tls_mandatory_protocols": value => '!SSLv2, !SSLv3' }
postfix::config { "smtpd_tls_session_cache_database": value => 'btree:${data_directory}/smtpd_scache' }
postfix::config { "smtp_tls_session_cache_database": value => 'btree:${data_directory}/smtp_scache' }
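Review bot: The added `smtp_tls_mandatory_protocols` resource is missing the colon between its title and `value`, so the manifest will not parse and the protocol exclusions in this class are likely never applied. It should read `postfix::config { "smtp_tls_mandatory_protocols": value => '!SSLv2, !SSLv3' }`. Separately, `smtpd_tls_ciphers` only sets the cipher grade for opportunistic TLS; unless the parent `mail::tls` class already does so, consider also setting `smtpd_tls_mandatory_ciphers` (and `smtp_tls_mandatory_ciphers`) to `'high'` so enforced-TLS sessions get the same grade. The class body continues outside this hunk, so settings made elsewhere in it are not visible here.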