1 files changed, 12 insertions, 4 deletions

diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
index 526da9c..90843b2 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
@@ -26,6 +26,13 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key
 # Require that CRL check succeeds for client certificates.
 #ssl_require_crl = yes
 
+# Directory and/or file for trusted SSL CA certificates. These are used only
+# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
+# directory is usually /etc/ssl/certs in Debian-based systems and the file is
+# /etc/pki/tls/cert.pem in RedHat-based systems.
+#ssl_client_ca_dir =
+#ssl_client_ca_file =
+
 # Request client to send a certificate. If you also want to require it, set
 # auth_ssl_require_client_cert=yes in auth section.
 #ssl_verify_client_cert = no
@@ -35,10 +42,8 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key
 # auth_ssl_username_from_cert=yes.
 #ssl_cert_username_field = commonName
 
-# How often to regenerate the SSL parameters file. Generation is quite CPU
-# intensive operation. The value is in hours, 0 disables regeneration
-# entirely.
-#ssl_parameters_regenerate = 168
+# DH parameters length to use.
+#ssl_dh_parameters_length = 1024
 
 # SSL protocols to use
 ssl_protocols = !SSLv2
@@ -46,5 +51,8 @@ ssl_protocols = !SSLv2
 # SSL ciphers to use
 ssl_cipher_list = HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH
 
+# Prefer the server's order of ciphers over client's.
+#ssl_prefer_server_ciphers = no
+
 # SSL crypto device to use, for valid values run "openssl engine"
 #ssl_crypto_device =