From 5b49c1c2314880ebd185eaec4445e05e97d3bb55 Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Mon, 9 Mar 2015 10:15:37 +0100
Subject: [PATCH] RFC 7465 prohibits RC4 cipher suites in the ClientHello
 message.

---
 install/tpl/debian_postfix.conf.master   | 2 ++
 install/tpl/fedora_postfix.conf.master   | 2 ++
 install/tpl/gentoo_postfix.conf.master   | 2 ++
 install/tpl/opensuse_postfix.conf.master | 2 ++
 4 files changed, 8 insertions(+)

diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
index 36fd9c7be..b3d7f7429 100644
--- a/install/tpl/debian_postfix.conf.master
+++ b/install/tpl/debian_postfix.conf.master
@@ -38,3 +38,5 @@ smtp_tls_security_level = may
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_protocols = !SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
+smtpd_tls_exclude_ciphers = RC4, aNULL
+smtp_tls_exclude_ciphers = RC4, aNULL
diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master
index 0d4f3a558..0e868cadc 100644
--- a/install/tpl/fedora_postfix.conf.master
+++ b/install/tpl/fedora_postfix.conf.master
@@ -35,3 +35,5 @@ smtp_tls_security_level = may
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_protocols = !SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
+smtpd_tls_exclude_ciphers = RC4, aNULL
+smtp_tls_exclude_ciphers = RC4, aNULL
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master
index c7d8e10c9..72e458eba 100644
--- a/install/tpl/gentoo_postfix.conf.master
+++ b/install/tpl/gentoo_postfix.conf.master
@@ -34,3 +34,5 @@ smtp_tls_security_level = may
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_protocols = !SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
+smtpd_tls_exclude_ciphers = RC4, aNULL
+smtp_tls_exclude_ciphers = RC4, aNULL
diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master
index 9ee3358c3..321e7138c 100644
--- a/install/tpl/opensuse_postfix.conf.master
+++ b/install/tpl/opensuse_postfix.conf.master
@@ -37,3 +37,5 @@ smtp_tls_security_level = may
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_protocols = !SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
+smtpd_tls_exclude_ciphers = RC4, aNULL
+smtp_tls_exclude_ciphers = RC4, aNULL
-- 
GitLab