Commit 2584686c authored by George Rawlinson's avatar George Rawlinson Committed by Frederik Schwan

role(postfix): remove export-grade dh params

According to upstream documentation[0], the configuration parameter
smtpd_tls_dh512_param_file will be ignored from the next release of
Postfix (3.6).

[0]: http://www.postfix.org/postconf.5.html#smtpd_tls_dh512_param_file
parent cef74fb6
......@@ -39,11 +39,6 @@
notify:
- reload postfix
- name: create dhparam 512
command: openssl dhparam -out /etc/postfix/dh_512.pem 512 creates=/etc/postfix/dh_512.pem
notify:
- reload postfix
- name: install postfix cert renewal hook
template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postfix owner=root group=root mode=0755
when: postfix_smtpd_public
......
......@@ -20,7 +20,6 @@ smtpd_tls_key_file = /etc/letsencrypt/live/{{inventory_hostname}}/privkey.pem
{% endif %}
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_eecdh_grade = ultra
tls_preempt_cipherlist = yes
smtpd_tls_loglevel = 1
......