Force clients to use a specific cipher when connecting to mail-in-a-box server

I recently upgraded my libssl version on FIPS Ubuntu servers, and some ciphers have stopped working properly. Seems like the clients by default use TLS_AES_256_GCM_SHA384 cipher. Would it be possible to modify the postfix configuration on server/client side such that AES256:SHA256 cipher is used?

If Postfix supports it, yes, but your changes will be reverted every time you upgrade MiaB versions.

I tried doing that. But I couldn’t. Can you please tell me how I can restrict the ciphers being used in postfix?

You might want to start here, which is very general, but search through this page for the specific keywords and usually you can discover the various different configuration settings to meet your needs:

https://www.postfix.org/postconf.5.html

Thank you for sharing the link. I have tried all the options available in that link, but it does not seem to work. I might be missing something. Do you have any other ideas on how I can achieve my use case?

This is kind of a show stopper for us. Any help would be much appreciated.

Since this is an issue more related to the OS and postfix, I would suggest asking in a different forum, as I’m sure you aren’t the first person to encounter this issue, but given the common use-case for MiaB, there may not be users visiting this forum who have experience with this issue.