diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2014-07-01 23:02:45 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:52:13 +0200 |
| commit | de4859456f1de54540c96ad97f62858dd089a980 (patch) | |
| tree | 4b4904258ae3daf6a6b4f852cbc9821acdfa8cc4 /roles/common/templates/etc/postfix/tls_policy.j2 | |
| parent | 170dc68f9275dffb48fbe3f8ebb2183cd7ddf111 (diff) | |
Replace IPSec tunnels by app-level ephemeral TLS sessions.
For some reason giraff doesn't like IPSec. App-level TLS sessions are
less efficient, but thanks to ansible it still scales well.
Diffstat (limited to 'roles/common/templates/etc/postfix/tls_policy.j2')
| -rw-r--r-- | roles/common/templates/etc/postfix/tls_policy.j2 | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/roles/common/templates/etc/postfix/tls_policy.j2 b/roles/common/templates/etc/postfix/tls_policy.j2 new file mode 100644 index 0000000..b4fc453 --- /dev/null +++ b/roles/common/templates/etc/postfix/tls_policy.j2 @@ -0,0 +1,6 @@ +# {{ ansible_managed }} + +[outgoing.fripost.org]:{{ postfix_instance.out.port }} fingerprint ciphers=high protocols=TLSv1.2 +{% for x in tls_policy.results %} + match={{ x.stdout }} +{% endfor %} |