mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 05:30:45 +00:00
Allow clients to choose own ciphers
This changes a previously updated default in Dovecot and Postfix, as it resulted in too many issues in older clients.
This commit is contained in:
parent
9aec143bbd
commit
5163fd4da0
@ -80,7 +80,7 @@ protocols = imap
|
||||
ssl = yes
|
||||
ssl_min_protocol = TLSv1.2
|
||||
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
ssl_prefer_server_ciphers = yes
|
||||
ssl_prefer_server_ciphers = no
|
||||
|
||||
ssl_cert = </etc/ssl/private/certificates/${DOVECOT_HOST}.crt
|
||||
ssl_key = </etc/ssl/private/certificates/${DOVECOT_HOST}.key
|
||||
|
@ -199,7 +199,7 @@ smtpd_tls_loglevel = 1
|
||||
# Other TLS configuration parameters.
|
||||
tls_random_source = dev:/dev/urandom
|
||||
tls_ssl_options = no_ticket, no_compression
|
||||
tls_preempt_cipherlist = yes
|
||||
tls_preempt_cipherlist = no
|
||||
|
||||
# Certificate file location.
|
||||
smtpd_tls_cert_file = /etc/ssl/private/certificates/${POSTFIX_HOST}.crt
|
||||
|
Loading…
Reference in New Issue
Block a user