Release Date: 26 November, 2019
In this release, there are some major changes.
The manager interface (served by miniserv.pl on default port 18080) supports TLSv1.3 out of the box, no configuration is required.
The group manager interface and end user interface (served by Apache on default port 28443) must be configured to enable TLSv1.3. You must add +TLSv1.3 to the current value of SSLProtocol in <PMX_INSTALLATION_PREFIX>/etc/manager/httpd2/ssl.conf. For example, if your file has this line:
SSLProtocol -ALL +TLSv1.1 +TLSv1.2you must change it to this:
SSLProtocol -ALL +TLSv1.1 +TLSv1.2 +TLSv1.3For more information, visit SSL/TLS Strong Encryption: How-To on the Apache website.
By default your Postfix MTA may support TLSv1.3. This depends how the parameters smtpd_tls_protocols and smtp_tls_protocols are configured.
For example, the following <PMX_INSTALLATION_PREFIX>/postfix/etc/main.cf file will support all TLS protocols (including TLSv1.1, TLSv1.2 and TLSv1.3) except the excluded ones (SSLv2, SSLv3, TLSv1):
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1
lmtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
lmtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1
lmtp_tls_ciphers = high
lmtp_tls_mandatory_ciphers = high
smtp_tls_ciphers = high
smtp_tls_mandatory_ciphers = high
smtpd_tls_ciphers = high
smtpd_tls_mandatory_ciphers = high
tlsproxy_tls_ciphers = high
tlsproxy_tls_mandatory_ciphers = high
tls_preempt_cipherlist = yes
smtpd_tls_security_level = encrypt
smtpd_tls_cert_file = /opt/pmx6/etc/manager/httpd2/pmx-cert.pem
Starting with this version, PureMessage for Unix supports SuSE Linux Enterprise Server 15.