Merge #1233 - Limit Dovecot ciphers to the Mozilla modern set

This commit is contained in:
Joshua Tauberer 2017-10-03 11:51:49 -04:00
commit f25801e88d
2 changed files with 5 additions and 1 deletions

View file

@ -9,6 +9,10 @@ Web:
* Updated cipher list to Mozilla's current intermediate recommendation. * Updated cipher list to Mozilla's current intermediate recommendation.
* Updated HSTS header to use longer six month duration. * Updated HSTS header to use longer six month duration.
Mail:
* Updated IMAP/POP cipher list to Mozilla's current mondern recommendation.
v0.24 (October 3, 2017) v0.24 (October 3, 2017)
----------------------- -----------------------

View file

@ -85,7 +85,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
"ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \ "ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \
"ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \ "ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \
"ssl_protocols=!SSLv3 !SSLv2" \ "ssl_protocols=!SSLv3 !SSLv2" \
"ssl_cipher_list=TLSv1+HIGH !SSLv2 !RC4 !aNULL !eNULL !3DES @STRENGTH" \ "ssl_cipher_list=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" \
"ssl_prefer_server_ciphers = yes" \ "ssl_prefer_server_ciphers = yes" \
"ssl_dh_parameters_length = 2048" "ssl_dh_parameters_length = 2048"