summaryrefslogtreecommitdiffstats
path: root/roles/IMAP/files/etc
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2015-05-26 00:55:19 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:53:52 +0200
commit64e8603cf9790aa4419d0f2746671bd242e6344d (patch)
treea54c623bbe44f52c583bacf80848d3b9d4467abe /roles/IMAP/files/etc
parent6b424a8f4155dea449b1dde746eae77bded63f7c (diff)
logjam mitigation.
Diffstat (limited to 'roles/IMAP/files/etc')
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf2
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
index 90843b2..e801639 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
@@ -26,33 +26,33 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key
# Require that CRL check succeeds for client certificates.
#ssl_require_crl = yes
# Directory and/or file for trusted SSL CA certificates. These are used only
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
# directory is usually /etc/ssl/certs in Debian-based systems and the file is
# /etc/pki/tls/cert.pem in RedHat-based systems.
#ssl_client_ca_dir =
#ssl_client_ca_file =
# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no
# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName
# DH parameters length to use.
-#ssl_dh_parameters_length = 1024
+ssl_dh_parameters_length = 2048
# SSL protocols to use
ssl_protocols = !SSLv2
# SSL ciphers to use
ssl_cipher_list = HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH
# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =