diff --git a/CHANGELOG.md b/CHANGELOG.md
index cab3593..f5e4e62 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 This file is used to list changes made in each version of the postfix cookbook.
 
+## 5.3.2 (2020-04-27)
+
+- Disabled SSLv3 by default
+
 ## 5.3.1 (2018-07-24)
 
 - Fixed sbin issue with Chef13
diff --git a/attributes/default.rb b/attributes/default.rb
index 592b09e..0728944 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -88,6 +88,10 @@ default['postfix']['main']['myorigin'] = '$myhostname'
 default['postfix']['main']['mydestination'] = [node['postfix']['main']['myhostname'], node['hostname'], 'localhost.localdomain', 'localhost'].compact
 default['postfix']['main']['smtpd_use_tls'] = 'yes'
 default['postfix']['main']['smtp_use_tls'] = 'yes'
+default['postfix']['main']['smtpd_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
+default['postfix']['main']['smtp_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
+default['postfix']['main']['smtpd_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
+default['postfix']['main']['smtp_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
 default['postfix']['main']['smtp_sasl_auth_enable'] = 'no'
 default['postfix']['main']['mailbox_size_limit'] = 0
 default['postfix']['main']['mynetworks'] = nil
diff --git a/metadata.rb b/metadata.rb
index 2295ffe..544f8d2 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -3,7 +3,7 @@ maintainer 'Chef Software, Inc.'
 maintainer_email 'cookbooks@chef.io'
 license 'Apache-2.0'
 description 'Installs and configures postfix for client or outbound relayhost, or to do SASL auth'
-version '5.3.1'
+version '5.3.2'
 
 %w(ubuntu debian redhat centos amazon oracle scientific smartos fedora freebsd).each do |os|
   supports os