summaryrefslogtreecommitdiffstats
path: root/roles/IMAP/files/etc/dovecot
diff options
context:
space:
mode:
Diffstat (limited to 'roles/IMAP/files/etc/dovecot')
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf2
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
index 250eec5..209347f 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
@@ -32,31 +32,31 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key
# /etc/pki/tls/cert.pem in RedHat-based systems.
#ssl_client_ca_dir =
#ssl_client_ca_file =
# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no
# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName
# DH parameters length to use.
ssl_dh_parameters_length = 2048
# SSL protocols to use
#ssl_protocols = !SSLv3
# SSL ciphers to use
-ssl_cipher_list = HIGH:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH
+ssl_cipher_list = EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL
# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =
# SSL extra options. Currently supported options are:
# no_compression - Disable compression.
ssl_options = no_compression
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-23 19:40:15 +0000