From 61ba2a2fe12ffd5578429dfe1d354a1c5d16517a Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 18 May 2020 04:34:00 +0200
Subject: AEAD ciphers: Add EECDH+CHACHA20 macro.

This adds the following two ciphers:

  ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH  Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
  ECDHE-RSA-CHACHA20-POLY1305   TLSv1.2 Kx=ECDH  Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
---
 roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf')

diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
index 250eec5..209347f 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
@@ -49,7 +49,7 @@ ssl_dh_parameters_length = 2048
 #ssl_protocols = !SSLv3
 
 # SSL ciphers to use
-ssl_cipher_list = HIGH:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH
+ssl_cipher_list = EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL
 
 # Prefer the server's order of ciphers over client's.
 #ssl_prefer_server_ciphers = no
-- 
cgit v1.2.3