From 84da4e600013e0ce7ee67a8676f442362973ef6a Mon Sep 17 00:00:00 2001 From: Steve Hay Date: Mon, 5 Sep 2022 19:25:20 -0400 Subject: [PATCH] Update dovecot to use same DH parameters file as the other services Originally from #2157. --- setup/mail-dovecot.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh index 394ede8..a4bb563 100755 --- a/setup/mail-dovecot.sh +++ b/setup/mail-dovecot.sh @@ -87,7 +87,8 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \ "ssl_min_protocol=TLSv1.2" \ "ssl_cipher_list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \ "ssl_prefer_server_ciphers=no" \ - "ssl_dh_parameters_length=2048" + "ssl_dh_parameters_length=2048" \ + "ssl_dh=<$STORAGE_ROOT/ssl/dh2048.pem" # Disable in-the-clear IMAP/POP because there is no reason for a user to transmit # login credentials outside of an encrypted connection. Only the over-TLS versions