author | Guilhem Moulin <guilhem@fripost.org> | 2015-05-14 23:14:25 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:53:28 +0200 |
commit | f7c8011b39044a69daa091ef2c0f7a7aefacb663 (patch) | |
tree | 7d6c1a772a33a895a00011c69147b8178529e134 /roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf | |
parent | 166804e99e33c8ec5760e88ba1f52d4fc301334c (diff) |
Upgrade Dovecot config to Jessie.
Diffstat (limited to 'roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf')
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
index 526da9c..90843b2 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
@@ -26,6 +26,13 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key
 # Require that CRL check succeeds for client certificates.
 #ssl_require_crl = yes
 
+# Directory and/or file for trusted SSL CA certificates. These are used only
+# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
+# directory is usually /etc/ssl/certs in Debian-based systems and the file is
+# /etc/pki/tls/cert.pem in RedHat-based systems.
+#ssl_client_ca_dir =
+#ssl_client_ca_file =
+
 # Request client to send a certificate. If you also want to require it, set
 # auth_ssl_require_client_cert=yes in auth section.
 #ssl_verify_client_cert = no
@@ -35,10 +42,8 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key
 # auth_ssl_username_from_cert=yes.
 #ssl_cert_username_field = commonName
 
-# How often to regenerate the SSL parameters file. Generation is quite CPU
-# intensive operation. The value is in hours, 0 disables regeneration
-# entirely.
-#ssl_parameters_regenerate = 168
+# DH parameters length to use.
+#ssl_dh_parameters_length = 1024
 
 # SSL protocols to use
 ssl_protocols = !SSLv2
@@ -46,5 +51,8 @@ ssl_protocols = !SSLv2
 # SSL ciphers to use
 ssl_cipher_list = HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH
 
+# Prefer the server's order of ciphers over client's.
+#ssl_prefer_server_ciphers = no
+
 # SSL crypto device to use, for valid values run "openssl engine"
 #ssl_crypto_device = |
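Review bot: The new `#ssl_dh_parameters_length = 1024` line in the second hunk (`@@ -35,10 +42,8 @@`) is left commented out, so DHE key exchange keeps the 1024-bit default shown on that line, while `ssl_cipher_list` further down does not exclude DHE suites. A 1024-bit group is below current minimum recommendations for finite-field DH; I would set it explicitly, `ssl_dh_parameters_length = 2048`, and check whether the existing parameters file must be regenerated for the new length to take effect. The context line `ssl_protocols = !SSLv2` in the same hunk also still leaves SSLv3 negotiable; `ssl_protocols = !SSLv2 !SSLv3` would close that, assuming no remaining client depends on it.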
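Review bot: `#ssl_prefer_server_ciphers = no` in the third hunk (`@@ -46,5 +51,8 @@`) is added commented out, so the client's cipher order decides what is negotiated and the `@STRENGTH` sort at the end of `ssl_cipher_list` has little effect. Since this file already curates the cipher list, enforcing the server's order is the consistent choice: `ssl_prefer_server_ciphers = yes`. A one-line comment above it would record the intent, e.g. `# Enforce our cipher order so a client cannot select a weaker suite from the list.`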