Merge pull request #7 from jsha/min-tls-version

Treat min-tls-version as a minimum.
Peter Eckersley 2014-10-08 11:32:54 -07:00
commit 97cce82e5a


@ -128,7 +128,14 @@ class PostfixConfigGenerator(MTAConfigGenerator):
mx_policy = self.policy_config.tls_policies[mx_domain]
entry = address_domain + " encrypt"
if "min-tls-version" in mx_policy:
entry += " protocols=" + mx_policy["min-tls-version"]
if mx_policy["min-tls-version"].lower() == "tlsv1":
entry += " protocols=!SSLv2,!SSLv3"
elif mx_policy["min-tls-version"].lower() == "tlsv1.1":
entry += " protocols=!SSLv2,!SSLv3,!TLSv1"
elif mx_policy["min-tls-version"].lower() == "tlsv1.2":
entry += " protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1"
else:
print mx_policy["min-tls-version"]
self.policy_lines.append(entry)
f = open(self.policy_file, "w")
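Review bot: The `else` branch fails open: a `min-tls-version` that is not one of the three recognised strings is only printed, and the entry is still appended as plain `encrypt` with no protocol floor, so a typo or any value outside these three silently drops the restriction the policy asked for. Rejecting the value would be safer, e.g. `raise ValueError("unsupported min-tls-version: %r" % mx_policy["min-tls-version"])`. Separately, Postfix's TLS policy table treats commas and whitespace as attribute separators, so the exclusion lists probably need colons (`protocols=!SSLv2:!SSLv3`); this is worth confirming against the Postfix version being targeted. The three branches also repeat the lookup and `.lower()` call, and a small dict mapping each version to its exclusion string would read more clearly. The enclosing method starts and ends outside the hunk.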