Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | IMAP: Update role to Debian Buster. | Guilhem Moulin | 2020-05-19 | 1 |
| | | | | | | | | For `ssl_cipher_list` we pick the suggested value from https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d At the moment it's equivalent (modulo order) to adding ‘EDH+AESGCM+aRSA’ to ‘EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL’. | |||
* | AEAD ciphers: Add EECDH+CHACHA20 macro. | Guilhem Moulin | 2020-05-18 | 1 |
| | | | | | | | This adds the following two ciphers: ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD | |||
* | Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch. | Guilhem Moulin | 2018-12-09 | 1 |
| | ||||
* | Let's Encrypt | Guilhem Moulin | 2016-03-02 | 1 |
| | ||||
* | Use the Let's Encrypt CA for our public certs. | Guilhem Moulin | 2015-12-20 | 1 |
| | ||||
* | dovecot: remove !SSLv2 from ssl_cipher_list. | Guilhem Moulin | 2015-12-15 | 1 |
| | ||||
* | dovecot: Disable SSLv3. | Guilhem Moulin | 2015-09-17 | 1 |
| | ||||
* | logjam mitigation. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Upgrade Dovecot config to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Replace IPSec tunnels by app-level ephemeral TLS sessions. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well. | |||
* | Generate certs for Dovecot and Nginx if they are not there. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure Sieve and ManageSieve. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | Also, add the 'managesieve' RoundCube plugin to communicate with our server. | |||
* | Configure the webmail. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure the IMAP server. | Guilhem Moulin | 2015-06-07 | 1 |
(For now, only LMTP and IMAP processes, without replication.) |