
Merge branch 'reixd-dovecot_updates'

drybjed committed Sep 10, 2019
2 parents 803d04a + 5c3ccf0 commit eba3c3066431ae72ae079b8cb870bf8400586ebb
@@ -243,11 +243,19 @@ dovecot_ssl_required: True
# ]]]
# .. envvar:: dovecot_ssl_protocols [[[
#
# SSL ciphers to use
# SSL ciphers to use. On new distros you only specify the minimum ssl
# protocol version Dovecot accepts, defaulting to TLSv1.
# On old distros disable SSLv2,3 and allow TLSv1.0 or better.
dovecot_ssl_protocols: '{{ "!SSLv2 !SSLv3"
if (ansible_distribution_release in
[ "wheezy", "jessie", "precise", "trusty" ])
else "!SSLv3" }}'
else "TLSv1" }}'

# ]]]
# .. envvar:: dovecot_ssl_dh_parameters_length [[[
#
# Diffie-Hellman parameters length
dovecot_ssl_dh_parameters_length: 2048

# ]]]
# .. envvar:: dovecot_ssl_cipher_list [[[
@@ -259,7 +267,7 @@ dovecot_ssl_cipher_list: '{{ dovecot_ssl_cipher_list_default }}'
# .. envvar:: dovecot_ssl_cipher_list_default [[[
#
# Default SSL ciphers
dovecot_ssl_cipher_list_default: 'TLSv1+HIGH:!SSLv2:!EXPORT:!RC4:!aNULL:!eNULL:!3DES:@STRENGTH'
dovecot_ssl_cipher_list_default: 'ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH'

# ]]]
# .. envvar:: dovecot_ssl_cipher_list_better_cypto [[[
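Review bot: The new fallback `else "TLSv1" }}'` makes TLS 1.0 the minimum protocol on every release outside the wheezy/jessie/precise/trusty list, so TLS 1.0 and 1.1 stay negotiable for mail client logins. If the supported clients allow it, `else "TLSv1.2" }}'` would be a safer default, with TLSv1 kept as a documented override for legacy clients. The comment above the variable still opens with "SSL ciphers to use" although the value is a protocol setting. It should also say that the variable holds an exclusion list for `ssl_protocols` on the old releases but a single version for `ssl_min_protocol` on newer ones, because an override written in the wrong form would presumably render an invalid Dovecot setting.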
@@ -22,13 +22,17 @@ ssl = yes
ssl_prefer_server_ciphers = yes

# Diffie-Hellman parameters length (Default is 1024, Dovecot >=2.2.7 Required)
ssl_dh_parameters_length = 2048
ssl_dh_parameters_length = {{ dovecot_ssl_dh_parameters_length }}

{% set dovecot_tpl_tls_cert_file = dovecot_pki_path + "/" + dovecot_pki_realm + "/" + dovecot_pki_crt %}
{% set dovecot_tpl_tls_key_file = dovecot_pki_path + "/" + dovecot_pki_realm + "/" + dovecot_pki_key %}
ssl_cert = <{{ dovecot_tpl_tls_cert_file }}
ssl_key = <{{ dovecot_tpl_tls_key_file }}
{% if (ansible_distribution_release in [ "wheezy", "jessie", "precise", "trusty" ] %}
ssl_protocols = {{ dovecot_ssl_protocols }}
{% else %}
ssl_min_protocol = {{ dovecot_ssl_protocols }}
{% endif %}
ssl_cipher_list = {{ dovecot_ssl_cipher_list }}
{% else %}
ssl = no
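Review bot: The added `{% if (ansible_distribution_release in [ "wheezy", "jessie", "precise", "trusty" ] %}` opens a parenthesis that is never closed, so Jinja2 should reject the template at render time and the role would fail before any TLS settings are written. Dropping the parenthesis fixes it: `{% if ansible_distribution_release in [ "wheezy", "jessie", "precise", "trusty" ] %}`. The same release list is hard-coded again in the default for `dovecot_ssl_protocols`, so the two copies can drift apart and pair `ssl_min_protocol` with an exclusion list or the reverse; a single shared variable for the list would keep them in step. The enclosing `{% if %}` block that ends in `{% else %}` / `ssl = no` starts and ends outside this hunk.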
