s3lph/ansible-collection-mailserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: update tls ciphersuite defaults

Browse source
This commit is contained in:
s3lph 2023-07-13 00:34:11 +02:00
parent ec0350ad2f
commit 73fa3b4df1
2 changed files with 4 additions and 4 deletions
galaxy.yml
roles/dovecot/defaults/main
tls.yml

2
galaxy.yml
View file

@ -8,7 +8,7 @@ namespace: s3lph
name: mailserver
# The version of the collection. Must be compatible with semantic versioning
version: '0.3.9'
version: '0.3.10'
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md

6
roles/dovecot/defaults/main/tls.yml
View file

@ -4,7 +4,7 @@ dovecot_tls_cert_filename: /etc/ssl/certs/ssl-cert-snakeoil.pem
dovecot_tls_key_filename: /etc/ssl/private/ssl-cert-snakeoil.key
dovecot_tls_dh_filename: /usr/share/dovecot/dh.pem
# generated 2020-12-05, Mozilla Guideline v5.6, Dovecot 2.3.4, OpenSSL 1.1.1d, intermediate configuration
# https://ssl-config.mozilla.org/#server=dovecot&version=2.3.4&config=intermediate&openssl=1.1.1d&guideline=5.6
# generated 2023-07-12, Mozilla Guideline v5.7, Dovecot 2.3.19, OpenSSL 3.0.9, intermediate configuration
# https://ssl-config.mozilla.org/#server=dovecot&version=2.3.19&config=intermediate&openssl=3.0.9&guideline=5.7
dovecot_tls_min_version: TLSv1.2
dovecot_tls_cipher_list: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" # noqa yaml[line-length]
dovecot_tls_cipher_list: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305" # noqa yaml[line-length]