Fix Postfix TLS in FIPS mode by switching from MD5 to SHA-256


By default, Postfix uses MD5 hashes with TLS for backward compatibility. In FIPS mode, however, the MD5 hashing function is not available, so TLS may not work properly with the default Postfix configuration. The default hashing function therefore needs to be changed to SHA-256 in the Postfix configuration file.

As root, run the following commands to switch Postfix from the default MD5 hashing function to SHA-256 for both the client and the server:

# postconf -e smtp_tls_fingerprint_digest=sha256
# postconf -e smtpd_tls_fingerprint_digest=sha256
# systemctl restart postfix
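
To confirm the change took effect, the following added check (not part of the original article) reads postconf-style output and prints the fix command for any of the two parameters still set to MD5. The sample input is constructed, and the FIPS_FLAG_FILE override is a hypothetical variable used only for offline testing.

```shell
#!/bin/sh
# Added example: audit the two Postfix parameters named in the article.

# Constructed sample in `postconf name ...` output format ("name = value").
SAMPLE='smtp_tls_fingerprint_digest = md5
smtpd_tls_fingerprint_digest = sha256'

# Print 1 if the kernel reports FIPS mode, else 0.
# FIPS_FLAG_FILE is a hypothetical override used only for offline testing.
fips_enabled() {
    f="${FIPS_FLAG_FILE:-/proc/sys/crypto/fips_enabled}"
    if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then echo 1; else echo 0; fi
}

# digest_of PARAM: read "name = value" lines on stdin and print PARAM's value
# in lower case. A missing parameter is reported as md5, the default the
# article describes.
digest_of() {
    awk -v p="$1" -F= '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == p { v = $2; gsub(/[ \t]/, "", v); val = tolower(v) }
        END { print (val == "" ? "md5" : val) }'
}

# audit_digests: read postconf output on stdin, print the article's fix
# command for each parameter still on md5, and return 1 if any was printed.
audit_digests() {
    conf=$(cat)
    found=0
    for p in smtp_tls_fingerprint_digest smtpd_tls_fingerprint_digest; do
        d=$(printf '%s\n' "$conf" | digest_of "$p")
        if [ "$d" = "md5" ]; then
            echo "postconf -e $p=sha256"
            found=1
        fi
    done
    return "$found"
}

# Demo on the constructed sample; on a live host pipe in the output of:
#   postconf smtp_tls_fingerprint_digest smtpd_tls_fingerprint_digest
echo "FIPS mode: $(fips_enabled)"
printf '%s\n' "$SAMPLE" | audit_digests || true
```

A non-zero return from audit_digests means at least one side is still on MD5 and the matching postconf -e command from the article has not been applied.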
