infra/ansible-role-dovecot
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added buster support

Browse source
This commit is contained in:
nd 2020-04-30 14:59:14 +02:00
parent 0ed250d6ee
commit 38ff3f3fe4
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
3 changed files with 18 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

20
templates/10-ssl.conf.j2
View file

@ -11,12 +11,7 @@ ssl = required
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/ssl/{{ inventory_hostname }}.crt
ssl_key = </etc/ssl/private/{{ inventory_hostname }}.key
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =
ssl_dh = </etc/ssl/dh-4096.pem
# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
@ -42,17 +37,10 @@ ssl_key = </etc/ssl/private/{{ inventory_hostname }}.key
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName
# DH parameters length to use.
ssl_dh_parameters_length = 4092
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_prefer_server_ciphers = no
# SSL protocols to use
ssl_protocols = TLSv1.2
# SSL ciphers to use
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
# Prefer the server's order of ciphers over client's.
ssl_prefer_server_ciphers = yes
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =