I want to disable cipher SSL3_RSA_WITH_SEED_SHA in Postfix.
I have got in main.cf
smtpd_tls_ciphers = high
smtpd_tls_protocols = TLSv1,!SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4
What should I add to smtpd_tls_exclude_ciphers to exclude SSL3_RSA_WITH_SEED_SHA?
Best Answer
You can use BetterCrypto document for a secure configuration. After that, OpenVAS should not trigger any problem.
Page 26, Section 2.3.4.Postfix: https://bettercrypto.org/static/applied-crypto-hardening.pdf
Please read Limitations, too.
I hope to be useful.