From 6cb5b8fdc6e2cd4cbb47f45be01b05de2c8269d9 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Tue, 27 Oct 2015 16:27:31 +0100
Subject: Roundcube managesieve SSL options: use AESGCM and disable
 compression.

---
 .../webmail/files/etc/roundcube/plugins/managesieve/config.inc.php  | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php b/roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php
index 1423610..8e4b454 100644
--- a/roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php
+++ b/roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php
@@ -33,9 +33,11 @@ $config['managesieve_usetls'] = false;
 // The example below enables server certificate validation
 $config['managesieve_conn_options'] = array(
   'ssl'         => array(
-     'verify_peer'  => true,
+     'verify_peer' => true,
      'verify_depth' => 3,
-     'cafile'       => '/etc/stunnel/certs/imap.fripost.org.pem',
+     'cafile' => '/etc/stunnel/certs/imap.fripost.org.pem',
+     'disable_compression' => true,
+     'ciphers' => 'EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL',
    ),
  );
 
-- 
cgit v1.2.3