[TODO]: Deprecate TLS_LEVEL=intermediate
#3892
Labels
area/features
area/networking
area/security
kind/update
Update an existing feature, configuration file or the documentation
service/dovecot
service/postfix
stale-bot/ignore
Indicates that this issue / PR shall not be closed by our stale-checking CI
Description
Despite what the docs presently say for TLS_LEVEL, intermediate does not offer TLS 1.0/1.2 anymore:
docker-mailserver/target/scripts/helpers/ssl.sh
Lines 145 to 148 in a815bf5
This was removed in #2945 but I have noticed that we have a user forking to carry a patch to revert back the support along with the required OpenSSL config.
From v15 (or perhaps v14 if someone wants to tackle it in time), we could add this support back via an alternative TLS_LEVEL=legacy or alternative opt-in like LEGACY_TLS=1.
I'm not sure if there is any value in us maintaining the separate intermediate list, the cipher lists could be unset back to defaults from Postfix/Dovecot. TLS_LEVEL would then be deprecated so that we only offer modern, as it really only exists for legacy requirements to use intermediate for broader compatibility 🤷‍♂️
We don't presently document to users how to bring back TLS <1.2 support, although we could take this approach instead with a user-patches.sh if maintainers do not want to continue carrying such support within DMS officially for user convenience.