Browse Source

dovecot: stronger TLS configuration

projet6062
Victor Laborie 1 year ago
parent
commit
47bf0ed2d2
2 changed files with 7 additions and 0 deletions
  1. +2
    -0
      CHANGELOG.md
  2. +5
    -0
      dovecot/templates/z-evolinux-defaults.conf.j2

+ 2
- 0
CHANGELOG.md View File

@@ -17,6 +17,8 @@ The **patch** part changes incrementally at each release.

### Changed

* dovecot: stronger TLS configuration

### Fixed
* apache: cleaner way to overwrite the server status suffix
* packweb-apache: don't regenerate phpMyAdmin suffix each time


+ 5
- 0
dovecot/templates/z-evolinux-defaults.conf.j2 View File

@@ -37,5 +37,10 @@ mail_max_userip_connections = 42

# SSL/TLS
ssl = yes
ssl_prefer_server_ciphers = yes
ssl_dh_parameters_length = 2048
ssl_options = no_compression no_ticket
ssl_protocols = !TLSv1 !TLSv1.1
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key

Loading…
Cancel
Save