From 73fa3b4df1d8f8febda59b46e2ee4c8eb00c1105 Mon Sep 17 00:00:00 2001
From: s3lph <account-gitlab-ideynizv@kernelpanic.lol>
Date: Thu, 13 Jul 2023 00:34:11 +0200
Subject: [PATCH] chore: update tls ciphersuite defaults

---
 galaxy.yml                          | 2 +-
 roles/dovecot/defaults/main/tls.yml | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/galaxy.yml b/galaxy.yml
index dc91448..1ce4073 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -8,7 +8,7 @@ namespace: s3lph
 name: mailserver
 
 # The version of the collection. Must be compatible with semantic versioning
-version: '0.3.9'
+version: '0.3.10'
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
diff --git a/roles/dovecot/defaults/main/tls.yml b/roles/dovecot/defaults/main/tls.yml
index 63f6051..9c2bd92 100644
--- a/roles/dovecot/defaults/main/tls.yml
+++ b/roles/dovecot/defaults/main/tls.yml
@@ -4,7 +4,7 @@ dovecot_tls_cert_filename: /etc/ssl/certs/ssl-cert-snakeoil.pem
 dovecot_tls_key_filename: /etc/ssl/private/ssl-cert-snakeoil.key
 dovecot_tls_dh_filename: /usr/share/dovecot/dh.pem
 
-# generated 2020-12-05, Mozilla Guideline v5.6, Dovecot 2.3.4, OpenSSL 1.1.1d, intermediate configuration
-# https://ssl-config.mozilla.org/#server=dovecot&version=2.3.4&config=intermediate&openssl=1.1.1d&guideline=5.6
+# generated 2023-07-12, Mozilla Guideline v5.7, Dovecot 2.3.19, OpenSSL 3.0.9, intermediate configuration
+# https://ssl-config.mozilla.org/#server=dovecot&version=2.3.19&config=intermediate&openssl=3.0.9&guideline=5.7
 dovecot_tls_min_version: TLSv1.2
-dovecot_tls_cipher_list: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"  # noqa yaml[line-length]
+dovecot_tls_cipher_list: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305"  # noqa yaml[line-length]