Fix postfix TLS in the FIPS mode by switching to SHA-256 instead of MD5
Updated -
By default, postfix uses MD5 hashes with the TLS for backward compatibility. But in the FIPS mode, the MD5 hashing function is not available, which may cause TLS not to work properly in the default postfix configuration. Hence, the default hashing function needs to be changed to SHA-256 in the postfix configuration file.
As root run the following commands to switch postfix from the default MD5 hashing function to SHA-256 in booth client and server:
# postconf -e smtp_tls_fingerprint_digest=sha256
# postconf -e smtpd_tls_fingerprint_digest=sha256
# systemctl restart postfix
Comments