foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

dovecot: Require TLS 1.3

Browse source
This commit is contained in:
Timo Makinen 2024-02-14 21:03:35 +00:00
parent bf8c5532cb
commit caf6b54774
1 changed files with 3 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
roles/dovecot/templates/local.conf.j2
View file

@ -1,13 +1,11 @@
# https://ssl-config.mozilla.org/#server=dovecot&version=2.3.8&config=intermediate&openssl=1.1.1g&guideline=5.6
# generated 2024-02-14, Mozilla Guideline v5.7, Dovecot 2.3.16, OpenSSL 1.1.1, modern configuration
# https://ssl-config.mozilla.org/#server=dovecot&version=2.3.16&config=modern&openssl=1.1.1&guideline=5.7
ssl = required
ssl_cert = <{{ tls_certs }}/{{ mail_server }}-fullchain.crt
ssl_key = <{{ tls_private }}/{{ mail_server }}.key
ssl_dh = <{{ tls_certs }}/ffdhe3072.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_min_protocol = TLSv1.3
ssl_prefer_server_ciphers = no
# kerberos