Trying a more restrictive cipher suite for dovecot that works

author Silvio Rhatto <rhatto@riseup.net>

Tue, 16 Jul 2013 20:50:11 +0000 (17:50 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Tue, 16 Jul 2013 20:50:11 +0000 (17:50 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Tue, 16 Jul 2013 20:50:11 +0000 (17:50 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Tue, 16 Jul 2013 20:50:11 +0000 (17:50 -0300)
diff --git a/templates/dovecot/dovecot.conf.squeeze.erb b/templates/dovecot/dovecot.conf.squeeze.erb

index c9b092c10bae6c6a32ec887d88f0d2b30671b1a0..2df5834cd1dda3f67394ef2db876d214e6e35d8a 100644 (file)
--- a/templates/dovecot/dovecot.conf.squeeze.erb
+++ b/templates/dovecot/dovecot.conf.squeeze.erb
@@ -121,7 +121,7 @@ ssl_key_file = /etc/ssl/private/cert.pem
  
  # SSL ciphers to use
  # See http://www.virtualmin.com/node/25057
-ssl_cipher_list = HIGH:!LOW:!MEDIUM:!MD5:!SSL2:!EXP-ADH-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-DES-CBC-SHA:!ADH-AES256-SHA:!ADH-AES128-SHA:!ADH-DES-CBC3-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!ADH-DES-CBC3-SHA:+TLSv1:+SSLv3:!SSLv2:+TLSv1.1:+TLSv1.2 
+ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
  
  # Show protocol level SSL errors.
  #verbose_ssl = no
author	Silvio Rhatto <rhatto@riseup.net>
	Tue, 16 Jul 2013 20:50:11 +0000 (17:50 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Tue, 16 Jul 2013 20:50:11 +0000 (17:50 -0300)