mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 13:40:45 +00:00
Allow clients to choose own ciphers
This changes a previously updated default in Dovecot and Postfix, as it resulted in too many issues in older clients.
This commit is contained in:
parent
9aec143bbd
commit
5163fd4da0
@ -80,7 +80,7 @@ protocols = imap
|
|||||||
ssl = yes
|
ssl = yes
|
||||||
ssl_min_protocol = TLSv1.2
|
ssl_min_protocol = TLSv1.2
|
||||||
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||||
ssl_prefer_server_ciphers = yes
|
ssl_prefer_server_ciphers = no
|
||||||
|
|
||||||
ssl_cert = </etc/ssl/private/certificates/${DOVECOT_HOST}.crt
|
ssl_cert = </etc/ssl/private/certificates/${DOVECOT_HOST}.crt
|
||||||
ssl_key = </etc/ssl/private/certificates/${DOVECOT_HOST}.key
|
ssl_key = </etc/ssl/private/certificates/${DOVECOT_HOST}.key
|
||||||
|
@ -199,7 +199,7 @@ smtpd_tls_loglevel = 1
|
|||||||
# Other TLS configuration parameters.
|
# Other TLS configuration parameters.
|
||||||
tls_random_source = dev:/dev/urandom
|
tls_random_source = dev:/dev/urandom
|
||||||
tls_ssl_options = no_ticket, no_compression
|
tls_ssl_options = no_ticket, no_compression
|
||||||
tls_preempt_cipherlist = yes
|
tls_preempt_cipherlist = no
|
||||||
|
|
||||||
# Certificate file location.
|
# Certificate file location.
|
||||||
smtpd_tls_cert_file = /etc/ssl/private/certificates/${POSTFIX_HOST}.crt
|
smtpd_tls_cert_file = /etc/ssl/private/certificates/${POSTFIX_HOST}.crt
|
||||||
|
Loading…
Reference in New Issue
Block a user