Merge pull request #160 from willhaines/master

Disabled SSLv3 by default.   Obvious fix.

CHANGELOG.md

@@ -2,8 +2,9 @@
 
 This file is used to list changes made in each version of the postfix cookbook.
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+## Unreleased
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+- Disabled SSLv3 by default
 
 ## 5.4.1 - 2020-10-20
 

attributes/default.rb

@@ -88,6 +88,10 @@ default['postfix']['main']['myorigin'] = '$myhostname'
 default['postfix']['main']['mydestination'] = [node['postfix']['main']['myhostname'], node['hostname'], 'localhost.localdomain', 'localhost'].compact
 default['postfix']['main']['smtpd_use_tls'] = 'yes'
 default['postfix']['main']['smtp_use_tls'] = 'yes'
+default['postfix']['main']['smtpd_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
+default['postfix']['main']['smtp_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
+default['postfix']['main']['smtpd_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
+default['postfix']['main']['smtp_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
 default['postfix']['main']['smtp_sasl_auth_enable'] = 'no'
 default['postfix']['main']['mailbox_size_limit'] = 0
 default['postfix']['main']['mynetworks'] = nil