foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

dovecot: Use Mozilla intermediate ssl settings

Browse source
This commit is contained in:
Timo Makinen 2021-03-16 07:30:29 +00:00
parent 2f2db828b2
commit 183208afff
2 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
roles/dovecot/meta/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
dependencies:
- {role: dhparams}

9
roles/dovecot/templates/local.conf.j2
View file

@ -1,8 +1,15 @@
# ssl settings # https://ssl-config.mozilla.org/#server=dovecot&version=2.3.8&config=intermediate&openssl=1.1.1g&guideline=5.6
ssl = required ssl = required
ssl_cert = <{{ tls_certs }}/{{ mail_server }}-fullchain.crt ssl_cert = <{{ tls_certs }}/{{ mail_server }}-fullchain.crt
ssl_key = <{{ tls_private }}/{{ mail_server }}.key ssl_key = <{{ tls_private }}/{{ mail_server }}.key
ssl_dh = <{{ tls_certs }}/ffdhe3072.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_prefer_server_ciphers = no
# kerberos # kerberos
auth_gssapi_hostname = "$ALL" auth_gssapi_hostname = "$ALL"
auth_krb5_keytab = /etc/dovecot/dovecot.keytab auth_krb5_keytab = /etc/dovecot/dovecot.keytab