
Merge branch 'dovecot_updates' of https://github.com/reixd/debops int…

…o reixd-dovecot_updates
drybjed committed Sep 10, 2019
2 parents 803d04a + fce9783 commit 5c3ccf0b3d45644c50a1897e34bd57b6b0de93c1
@@ -243,11 +243,19 @@ dovecot_ssl_required: True
# ]]]
# .. envvar:: dovecot_ssl_protocols [[[
#
# SSL ciphers to use
# SSL ciphers to use. On new distros you only specify the minimum ssl
# protocol version Dovecot accepts, defaulting to TLSv1.
# On old distros disable SSLv2,3 and allow TLSv1.0 or better.
dovecot_ssl_protocols: '{{ "!SSLv2 !SSLv3"
if (ansible_distribution_release in
[ "wheezy", "jessie", "precise", "trusty" ])
else "!SSLv3" }}'
else "TLSv1" }}'

# ]]]
# .. envvar:: dovecot_ssl_dh_parameters_length [[[
#
# Diffie-Hellman parameters length
dovecot_ssl_dh_parameters_length: 2048

# ]]]
# .. envvar:: dovecot_ssl_cipher_list [[[
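Review bot: The new default for `dovecot_ssl_protocols` on newer releases is `"TLSv1"`, so the rendered `ssl_min_protocol` still accepts TLS 1.0 and 1.1; if old clients do not have to be supported, I would use `else "TLSv1.2" }}'` and state the reason for the chosen floor in the comment. The variable now carries two different kinds of value, a negation list for `ssl_protocols` and a single version for `ssl_min_protocol`, so an existing inventory override such as `"!SSLv3"` would be written into `ssl_min_protocol` on a newer release; a comment warning about this, or a separate variable, would avoid that. The new comment also still opens with "SSL ciphers to use" although the value is a protocol selection, e.g. `# SSL/TLS protocol versions to accept.`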
@@ -259,7 +267,7 @@ dovecot_ssl_cipher_list: '{{ dovecot_ssl_cipher_list_default }}'
# .. envvar:: dovecot_ssl_cipher_list_default [[[
#
# Default SSL ciphers
dovecot_ssl_cipher_list_default: 'TLSv1+HIGH:!SSLv2:!EXPORT:!RC4:!aNULL:!eNULL:!3DES:@STRENGTH'
dovecot_ssl_cipher_list_default: 'ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH'

# ]]]
# .. envvar:: dovecot_ssl_cipher_list_better_cypto [[[
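Review bot: The new `dovecot_ssl_cipher_list_default` ends in `!LOW@STRENGTH`, without the `:` separator that the previous value had before `@STRENGTH`; I would write the tail as `:!RC4:!ADH:!LOW:@STRENGTH` so the sort directive is clearly its own item rather than relying on how the parser treats the fused token. The base also changes from `TLSv1+HIGH` to `ALL`, which makes the result depend on the exclusion list being complete for every OpenSSL version the role targets. A one-line comment saying why `ALL` was chosen, and a check of the expanded list with `openssl ciphers -v` on each supported release, would make that reviewable.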
@@ -22,13 +22,17 @@ ssl = yes
ssl_prefer_server_ciphers = yes

# Diffie-Hellman parameters length (Default is 1024, Dovecot >=2.2.7 Required)
ssl_dh_parameters_length = 2048
ssl_dh_parameters_length = {{ dovecot_ssl_dh_parameters_length }}

{% set dovecot_tpl_tls_cert_file = dovecot_pki_path + "/" + dovecot_pki_realm + "/" + dovecot_pki_crt %}
{% set dovecot_tpl_tls_key_file = dovecot_pki_path + "/" + dovecot_pki_realm + "/" + dovecot_pki_key %}
ssl_cert = <{{ dovecot_tpl_tls_cert_file }}
ssl_key = <{{ dovecot_tpl_tls_key_file }}
{% if (ansible_distribution_release in [ "wheezy", "jessie", "precise", "trusty" ] %}
ssl_protocols = {{ dovecot_ssl_protocols }}
{% else %}
ssl_min_protocol = {{ dovecot_ssl_protocols }}
{% endif %}
ssl_cipher_list = {{ dovecot_ssl_cipher_list }}
{% else %}
ssl = no
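Review bot: The added `{% if (ansible_distribution_release in [ "wheezy", "jessie", "precise", "trusty" ] %}` opens a parenthesis that is never closed, so the template will most likely fail to render with a Jinja2 syntax error; drop the `(`: `{% if ansible_distribution_release in [ "wheezy", "jessie", "precise", "trusty" ] %}`. The release list is duplicated from the defaults file, so the two copies can drift and pair a negation list such as `!SSLv2 !SSLv3` with `ssl_min_protocol`, or a bare version with `ssl_protocols`. The enclosing `{% if %}` whose `{% else %}` branch sets `ssl = no` starts outside this hunk.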
