Disabled SSLv3 by default. Obvious fix.

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 This file is used to list changes made in each version of the postfix cookbook.
 
+## 5.3.2 (2020-04-27)
+
+- Disabled SSLv3 by default
+
 ## 5.3.1 (2018-07-24)
 
 - Fixed sbin issue with Chef13

attributes/default.rb

@@ -88,6 +88,10 @@ default['postfix']['main']['myorigin'] = '$myhostname'
 default['postfix']['main']['mydestination'] = [node['postfix']['main']['myhostname'], node['hostname'], 'localhost.localdomain', 'localhost'].compact
 default['postfix']['main']['smtpd_use_tls'] = 'yes'
 default['postfix']['main']['smtp_use_tls'] = 'yes'
+default['postfix']['main']['smtpd_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
+default['postfix']['main']['smtp_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
+default['postfix']['main']['smtpd_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
+default['postfix']['main']['smtp_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
 default['postfix']['main']['smtp_sasl_auth_enable'] = 'no'
 default['postfix']['main']['mailbox_size_limit'] = 0
 default['postfix']['main']['mynetworks'] = nil

metadata.rb

@@ -3,7 +3,7 @@ maintainer 'Chef Software, Inc.'
 maintainer_email 'cookbooks@chef.io'
 license 'Apache-2.0'
 description 'Installs and configures postfix for client or outbound relayhost, or to do SASL auth'
-version '5.3.1'
+version '5.3.2'
 
 %w(ubuntu debian redhat centos amazon oracle scientific smartos fedora freebsd).each do |os|
   supports os