Diffstat (limited to 'roles/IMAP-proxy/files/etc/stunnel')
-rw-r--r--roles/IMAP-proxy/files/etc/stunnel/stunnel.conf22
1 files changed, 14 insertions, 8 deletions
diff --git a/roles/IMAP-proxy/files/etc/stunnel/stunnel.conf b/roles/IMAP-proxy/files/etc/stunnel/stunnel.conf
index e77b557..f1c2a16 100644
--- a/roles/IMAP-proxy/files/etc/stunnel/stunnel.conf
+++ b/roles/IMAP-proxy/files/etc/stunnel/stunnel.conf
@@ -39,24 +39,30 @@ socket = r:TCP_NODELAY=1
; Authentication stuff needs to be configured to prevent MITM attacks
verify = 4
-; Disable support for insecure SSLv2 protocol
+; Disable support for insecure protocols
options = NO_SSLv2
-; Workaround for Eudora bug
-;options = DONT_INSERT_EMPTY_FRAGMENTS
+options = NO_SSLv3
+options = NO_TLSv1
+options = NO_TLSv1.1
; These options provide additional security at some performance degradation
-;options = SINGLE_ECDH_USE
-;options = SINGLE_DH_USE
+options = SINGLE_ECDH_USE
+options = SINGLE_DH_USE
+
+ciphers = EECDH+AES:EDH+AES:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1
; **************************************************************************
; * Service definitions (remove all services for inetd mode) *
; **************************************************************************
[imaps]
-accept = localhost:993
+accept = localhost:143
connect = imap.fripost.org:993
CAfile = /etc/stunnel/certs/imap.fripost.org.pem
-options = NO_SSLv3
-ciphers = ECDH+AES:DH+AES
+
+[ldaps]
+accept = localhost:389
+connect = ldap.fripost.org:636
+CAfile = /etc/stunnel/certs/ldap.fripost.org.pem
; vim:ft=dosini
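Review bot: The `!SSLv2:!SSLv3:!TLSv1:!TLSv1.1` tokens at the end of the new global `ciphers` line do not pick a protocol version; as I understand OpenSSL's cipher-list syntax they exclude suites by the protocol version that introduced them, so `!SSLv3` and `!TLSv1` together drop the AES-CBC-SHA suites and leave only the TLS 1.2 SHA-2/GCM ones, and `TLSv1.1` is, as far as I know, not a cipher keyword at all. Protocol versions are already disabled by the `options = NO_*` lines above, so if a TLS 1.2-only suite list is the intent it deserves a comment such as `; only suites introduced in TLS 1.2; protocol versions are disabled via options above`. It is also worth expanding the string with `openssl ciphers -v` against the deployed OpenSSL build to confirm the resulting list is non-empty and matches what imap.fripost.org and ldap.fripost.org offer. The global section begins outside this hunk, so I cannot see whether `client = yes` is set there; the new `[ldaps]` service depends on it just as `[imaps]` does.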