AEAD ciphers: Add EECDH+CHACHA20 macro.

This adds the following two ciphers:

  ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH  Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
  ECDHE-RSA-CHACHA20-POLY1305   TLSv1.2 Kx=ECDH  Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD

1 files changed, 1 insertions, 1 deletions

diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
index 250eec5..209347f 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
@@ -32,31 +32,31 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key
 # /etc/pki/tls/cert.pem in RedHat-based systems.
 #ssl_client_ca_dir =
 #ssl_client_ca_file =
 
 # Request client to send a certificate. If you also want to require it, set
 # auth_ssl_require_client_cert=yes in auth section.
 #ssl_verify_client_cert = no
 
 # Which field from certificate to use for username. commonName and
 # x500UniqueIdentifier are the usual choices. You'll also need to set
 # auth_ssl_username_from_cert=yes.
 #ssl_cert_username_field = commonName
 
 # DH parameters length to use.
 ssl_dh_parameters_length = 2048
 
 # SSL protocols to use
 #ssl_protocols = !SSLv3
 
 # SSL ciphers to use
-ssl_cipher_list = HIGH:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH
+ssl_cipher_list = EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL
 
 # Prefer the server's order of ciphers over client's.
 #ssl_prefer_server_ciphers = no
 
 # SSL crypto device to use, for valid values run "openssl engine"
 #ssl_crypto_device =
 
 # SSL extra options. Currently supported options are:
 #   no_compression - Disable compression.
 ssl_options = no_compression