Commit 81156c64 authored by Kristian Klausen's avatar Kristian Klausen 🎉

dovecot: Modernize SSL settings (TLSv1.2 + update cipher list)

Per Mozilla's guidelines: https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6
parent 6fa4e2fc
......@@ -83,14 +83,15 @@ service lmtp {
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6
ssl_cert = </etc/letsencrypt/live/{{mail_domain}}/fullchain.pem
ssl_key = </etc/letsencrypt/live/{{mail_domain}}/privkey.pem
ssl_prefer_server_ciphers = yes
ssl_min_protocol = TLSv1
ssl_min_protocol = TLSv1.2
ssl_dh=</etc/dovecot/dh.pem
ssl_options = no_compression
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
userdb {
driver = passwd
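Review bot: `ssl_prefer_server_ciphers = yes` is kept next to the new `ssl_cipher_list`, whereas the Mozilla intermediate profile cited in the comment leaves cipher selection to the client, because every suite in that list is an AEAD suite with forward secrecy. With server preference on, list order decides, so an AES-GCM suite is always picked ahead of ChaCha20-Poly1305 even for clients without AES hardware support; consider `ssl_prefer_server_ciphers = no`. The two DHE-RSA suites still depend on `/etc/dovecot/dh.pem`, whose generation is not visible in this hunk, so it is worth confirming that the file holds a group of at least 2048 bits. The reference URL is for the generator's nginx output; pointing the comment at the Dovecot output of the same profile would make these settings easier to re-check later.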
......