- --- 10-ssl.conf.orig 2014-12-14 20:20:55.000000000 +0100
- +++ 10-ssl.conf 2016-08-27 09:43:42.000000000 +0200
- @@ -3,14 +3,14 @@
- ##
-
- # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
- -ssl = no
- +ssl = yes
-
- # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
- # dropping root privileges, so keep the key file unreadable by anyone but
- # root. Included doc/mkcert.sh can be used to easily generate self-signed
- # certificate, just make sure to update the domains in dovecot-openssl.cnf
- -#ssl_cert = </etc/dovecot/dovecot.pem
- -#ssl_key = </etc/dovecot/private/dovecot.pem
- +ssl_cert = </etc/dovecot/dovecot.pem
- +ssl_key = </etc/dovecot/private/dovecot.pem
-
- # If key file is password protected, give the password here. Alternatively
- # give it when starting dovecot with -p parameter. Since this file is often
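Review bot: `ssl = yes` only makes TLS available; it does not stop a client from logging in over an unencrypted connection, so protecting credentials is left to `disable_plaintext_auth`, which this patch does not touch. The comment above the setting lists `required` as a valid value, and `ssl = required` would enforce TLS before authentication. The newly enabled `ssl_cert`/`ssl_key` lines use the stock paths, so a one-line comment saying whether `/etc/dovecot/dovecot.pem` is a CA-issued or a `mkcert.sh` self-signed certificate would help the next administrator. The key file at `/etc/dovecot/private/dovecot.pem` should be checked as root-only readable, as the existing comment requires.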
- @@ -46,13 +46,14 @@
- #ssl_dh_parameters_length = 1024
-
- # SSL protocols to use
- -#ssl_protocols = !SSLv2
- +ssl_protocols = !SSLv2 !SSLv3
-
- # SSL ciphers to use
- #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
- +ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
-
- # Prefer the server's order of ciphers over client's.
- -#ssl_prefer_server_ciphers = no
- +ssl_prefer_server_ciphers = yes
-
- # SSL crypto device to use, for valid values run "openssl engine"
- #ssl_crypto_device =
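Review bot: The new `ssl_cipher_list` enables `EDH+aRSA`, but `#ssl_dh_parameters_length = 1024` at the top of this hunk is left commented out, so DHE key exchange would presumably run with 1024-bit parameters. Either set `ssl_dh_parameters_length = 2048` or drop `EDH+aRSA` from the list. The entry `EECDH+aRSA+RC4` is dead because the trailing `!RC4` removes those suites permanently; deleting it makes the intent clearer. `ssl_protocols = !SSLv2 !SSLv3` still accepts TLSv1 and TLSv1.1; if the installed Dovecot/OpenSSL build supports it, `ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1` is the tighter setting.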