From 51bc48623b959fecb5ae439a2e6c70544347d3a1 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Tue, 25 Jan 2022 10:10:11 +0100
Subject: [PATCH] dovecot: switch to TLS 1.2+ and external DH params

---
 dovecot/tasks/main.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dovecot/tasks/main.yml b/dovecot/tasks/main.yml
index 7db272da..1bebbafc 100644
--- a/dovecot/tasks/main.yml
+++ b/dovecot/tasks/main.yml
@@ -10,9 +10,10 @@
   tags:
   - dovecot
 
-- name: Generate Diffie-Hellman parameters with the default size 4096 bits (may take several minutes)
+- name: Generate 4096 bits Diffie-Hellman parameters (may take several minutes)
   openssl_dhparam:
     path: /etc/ssl/dhparams.pem
+    size: 4096
 
 - name: disable pam auth
   replace: