[Bug 365390] [NEW] postfix: invalid value for smtpd_tls_mandatory_ciphers in main.cf

a7x ubuntu-a7x at scientician.org
Thu Apr 23 06:31:05 BST 2009

Public bug reported:

Binary package hint: postfix

postfix-2.5.5-1.1 (jaunty release candidate)

The default /etc/postfix/main.cf file contains the line:

smtpd_tls_mandatory_ciphers = medium, high

This is an invalid value; it must be either 'medium' or 'high', not
'medium, high'.  With it set to 'medium, high', sending mail via the
submission port (uncommented in master.cf) results in the following
error message in /var/log/mail.log:

Apr 23 00:20:06 socket postfix/smtpd[28385]: warning:
localhost[]: invalid TLS cipher grade: "medium, high": aborting
TLS session

The documentation (man 5 postconf) says this:

"smtpd_tls_mandatory_ciphers (default: medium).  The minimum TLS cipher
grade that the Postfix SMTP server will use with mandatory TLS
encryption.  Cipher types listed in smtpd_tls_mandatory_exclude_ciphers
or smtpd_tls_exclude_ciphers are excluded from the base definition of
the selected cipher grade.  With opportunistic TLS encryption,  the
"export" grade is used unconditionally with exclusions specified only
via smtpd_tls_exclude_ciphers."

** Affects: postfix (Ubuntu)
     Importance: Undecided
         Status: New

postfix:  invalid value for smtpd_tls_mandatory_ciphers in main.cf
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in ubuntu.

More information about the Ubuntu-server-bugs mailing list