From 0ba508ee2dc88bd86aa4209efd55c498e394ffea Mon Sep 17 00:00:00 2001
From: Aaron Zauner <azet@azet.org>
Date: Tue, 29 Mar 2016 19:02:00 +0200
Subject: [PATCH] disable SSLv2,3 client-side too #24

---
 letsencrypt-postfix/PostfixConfigGenerator.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/letsencrypt-postfix/PostfixConfigGenerator.py b/letsencrypt-postfix/PostfixConfigGenerator.py
index dfb20ccea..609477f0b 100755
--- a/letsencrypt-postfix/PostfixConfigGenerator.py
+++ b/letsencrypt-postfix/PostfixConfigGenerator.py
@@ -82,7 +82,10 @@ class PostfixConfigGenerator:
 	# Disable SSLv2 and SSLv3. Syntax for `smtp_tls_protocols` changed
 	# between Postfix version 2.5 and 2.6, since we only support => 2.11
 	# we don't use nor support legacy Postfix syntax.
+	# - Server:
 	self.ensure_cf_var("smtp_tls_protocols", "!SSLv2, !SSLv3", [])
+	# - Client:
+	self.ensure_cf_var("smtp_tls_mandatory_protocols", "!SSLv2, !SSLv3", [])
 
     def maybe_add_config_lines(self):
         if not self.additions: