summaryrefslogtreecommitdiffstats
path: root/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
Commit message (Collapse)AuthorAgeFiles
* IMAP: Update role to Debian Buster.Guilhem Moulin2020-05-191
| | | | | | | | For `ssl_cipher_list` we pick the suggested value from https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d At the moment it's equivalent (modulo order) to adding ‘EDH+AESGCM+aRSA’ to ‘EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL’.
* AEAD ciphers: Add EECDH+CHACHA20 macro.Guilhem Moulin2020-05-181
| | | | | | | This adds the following two ciphers: ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-091
|
* Let's EncryptGuilhem Moulin2016-03-021
|
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-201
|
* dovecot: remove !SSLv2 from ssl_cipher_list.Guilhem Moulin2015-12-151
|
* dovecot: Disable SSLv3.Guilhem Moulin2015-09-171
|
* logjam mitigation.Guilhem Moulin2015-06-071
|
* Upgrade Dovecot config to Jessie.Guilhem Moulin2015-06-071
|
* Replace IPSec tunnels by app-level ephemeral TLS sessions.Guilhem Moulin2015-06-071
| | | | | For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well.
* Generate certs for Dovecot and Nginx if they are not there.Guilhem Moulin2015-06-071
|
* Configure Sieve and ManageSieve.Guilhem Moulin2015-06-071
| | | | | Also, add the 'managesieve' RoundCube plugin to communicate with our server.
* Configure the webmail.Guilhem Moulin2015-06-071
|
* Configure the IMAP server.Guilhem Moulin2015-06-071
(For now, only LMTP and IMAP processes, without replication.)