role(postfix): remove export-grade dh params

According to upstream documentation[0], the configuration parameter smtpd_tls_dh512_param_file will be ignored from the next release of Postfix (3.6). [0]: http://www.postfix.org/postconf.5.html#smtpd_tls_dh512_param_file

role(postfix): remove export-grade dh params
2584686c · George Rawlinson · Frederik Schwan · cef74fb6 · 2584686c · 2584686c
Commit 2584686c authored 4 years ago by George Rawlinson Committed by Frederik Schwan 4 years ago
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -39,11 +39,6 @@
  notify:
    - reload postfix

- name: create dhparam 512
-  command: openssl dhparam -out /etc/postfix/dh_512.pem 512 creates=/etc/postfix/dh_512.pem
-  notify:
-    - reload postfix
-
 - name: install postfix cert renewal hook
  template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postfix owner=root group=root mode=0755
  when: postfix_smtpd_public

--- a/roles/postfix/templates/main.cf.j2
+++ b/roles/postfix/templates/main.cf.j2
@@ -20,7 +20,6 @@ smtpd_tls_key_file = /etc/letsencrypt/live/{{inventory_hostname}}/privkey.pem
 {% endif %}

 smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
-smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
 smtpd_tls_eecdh_grade = ultra
 tls_preempt_cipherlist = yes
 smtpd_tls_loglevel = 1