Disabling tls compression

author Silvio Rhatto <rhatto@riseup.net>

Sun, 26 Oct 2014 15:36:16 +0000 (13:36 -0200)

committer Silvio Rhatto <rhatto@riseup.net>

Sun, 26 Oct 2014 15:36:16 +0000 (13:36 -0200)
author Silvio Rhatto <rhatto@riseup.net>
Sun, 26 Oct 2014 15:36:16 +0000 (13:36 -0200)
committer Silvio Rhatto <rhatto@riseup.net>
Sun, 26 Oct 2014 15:36:16 +0000 (13:36 -0200)
diff --git a/manifests/tls/hardened.pp b/manifests/tls/hardened.pp

index 78d809321170d578177c907fa7cbf8e6bec398fb..735135c3672dfe468f0dd99f28507791a13bb8a5 100644 (file)
--- a/manifests/tls/hardened.pp
+++ b/manifests/tls/hardened.pp
@@ -9,6 +9,7 @@ class mail::tls::hardened inherits mail::tls {
    postfix::config { "smtpd_tls_mandatory_protocols":    value => '!SSLv2, !SSLv3' }
    postfix::config { "smtpd_tls_session_cache_database": value => 'btree:${data_directory}/smtpd_scache' }
    postfix::config { "smtp_tls_session_cache_database":  value => 'btree:${data_directory}/smtp_scache' }
+  postfix::config { "tls_ssl_options":                  value => 'no_compression' }
    postfix::config { "smtpd_tls_loglevel":               value => '1' }
  
    # DH parameters
author	Silvio Rhatto <rhatto@riseup.net>
	Sun, 26 Oct 2014 15:36:16 +0000 (13:36 -0200)
committer	Silvio Rhatto <rhatto@riseup.net>
	Sun, 26 Oct 2014 15:36:16 +0000 (13:36 -0200)