Commit 58249853 authored by Frederik Schwan's avatar Frederik Schwan
Browse files

Merge branch 'pf_remove_dhparam_512' into 'master'

role(postfix): remove export-grade dh params

See merge request !332
parents cef74fb6 2584686c
Pipeline #5787 passed with stage
in 38 seconds
......@@ -39,11 +39,6 @@
notify:
- reload postfix
- name: create dhparam 512
command: openssl dhparam -out /etc/postfix/dh_512.pem 512 creates=/etc/postfix/dh_512.pem
notify:
- reload postfix
- name: install postfix cert renewal hook
template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postfix owner=root group=root mode=0755
when: postfix_smtpd_public
......
......@@ -20,7 +20,6 @@ smtpd_tls_key_file = /etc/letsencrypt/live/{{inventory_hostname}}/privkey.pem
{% endif %}
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_eecdh_grade = ultra
tls_preempt_cipherlist = yes
smtpd_tls_loglevel = 1
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment