forked from evolix/ansible-roles
Add generate dhparam and update variables for dovecot 2.3
This commit is contained in:
parent
5a83a30a4c
commit
916138575a
|
@ -10,6 +10,10 @@
|
||||||
tags:
|
tags:
|
||||||
- dovecot
|
- dovecot
|
||||||
|
|
||||||
|
- name: Generate Diffie-Hellman parameters with the default size (4096 bits)
|
||||||
|
openssl_dhparam:
|
||||||
|
path: /etc/ssl/dhparams.pem
|
||||||
|
|
||||||
- name: disable pam auth
|
- name: disable pam auth
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/dovecot/conf.d/10-auth.conf
|
dest: /etc/dovecot/conf.d/10-auth.conf
|
||||||
|
|
|
@ -38,9 +38,9 @@ mail_max_userip_connections = 42
|
||||||
# SSL/TLS
|
# SSL/TLS
|
||||||
ssl = yes
|
ssl = yes
|
||||||
ssl_prefer_server_ciphers = yes
|
ssl_prefer_server_ciphers = yes
|
||||||
ssl_dh_parameters_length = 2048
|
ssl_dh=</etc/ssl/dhparam.pem
|
||||||
ssl_options = no_compression no_ticket
|
ssl_options = no_compression no_ticket
|
||||||
ssl_protocols = !TLSv1 !TLSv1.1
|
ssl_min_protocol = TLSv1.2
|
||||||
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
||||||
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
|
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||||
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
|
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
|
||||||
|
|
Loading…
Reference in a new issue