Diffstat (limited to 'dovecot/conf.d/10-ssl.conf.diff')
-rw-r--r--dovecot/conf.d/10-ssl.conf.diff37
1 files changed, 37 insertions, 0 deletions
diff --git a/dovecot/conf.d/10-ssl.conf.diff b/dovecot/conf.d/10-ssl.conf.diff
new file mode 100644
index 0000000..56ee9c3
--- /dev/null
+++ b/dovecot/conf.d/10-ssl.conf.diff
@@ -0,0 +1,37 @@
+--- 10-ssl.conf.orig 2014-12-14 20:20:55.000000000 +0100
++++ 10-ssl.conf 2016-08-27 09:43:42.000000000 +0200
+@@ -3,14 +3,14 @@
+ ##
+
+ # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+-ssl = no
++ssl = yes
+
+ # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+ # dropping root privileges, so keep the key file unreadable by anyone but
+ # root. Included doc/mkcert.sh can be used to easily generate self-signed
+ # certificate, just make sure to update the domains in dovecot-openssl.cnf
+-#ssl_cert = </etc/dovecot/dovecot.pem
+-#ssl_key = </etc/dovecot/private/dovecot.pem
++ssl_cert = </etc/dovecot/dovecot.pem
++ssl_key = </etc/dovecot/private/dovecot.pem
+
+ # If key file is password protected, give the password here. Alternatively
+ # give it when starting dovecot with -p parameter. Since this file is often
+@@ -46,13 +46,14 @@
+ #ssl_dh_parameters_length = 1024
+
+ # SSL protocols to use
+-#ssl_protocols = !SSLv2
++ssl_protocols = !SSLv2 !SSLv3
+
+ # SSL ciphers to use
+ #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
++ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
+
+ # Prefer the server's order of ciphers over client's.
+-#ssl_prefer_server_ciphers = no
++ssl_prefer_server_ciphers = yes
+
+ # SSL crypto device to use, for valid values run "openssl engine"
+ #ssl_crypto_device =
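Review bot: `ssl = yes` in the first inner hunk only offers TLS, and the comment directly above it lists `required` as a separate value, so cleartext sessions stay possible unless another setting blocks them; consider `ssl = required`. In the second inner hunk the new `ssl_cipher_list` admits `EDH+aRSA` while the context line `#ssl_dh_parameters_length = 1024` stays commented out, so DHE key exchange would apparently run with the 1024-bit default; either set `ssl_dh_parameters_length = 2048` or drop the `EDH+aRSA` term. The `EECDH+aRSA+RC4` entry is cancelled by the trailing `!RC4` and can be removed to keep the list readable. `ssl_protocols = !SSLv2 !SSLv3` still leaves the oldest TLS versions enabled, which is worth a comment stating whether that is intentional for legacy clients.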