Trying a more restrictive cipher suite for dovecot

diff --git a/templates/dovecot/dovecot.conf.squeeze.erb b/templates/dovecot/dovecot.conf.squeeze.erb
index 705d8688273234f5e15a6a0bd0475293b8fe102a..c9b092c10bae6c6a32ec887d88f0d2b30671b1a0 100644 (file)
--- a/templates/dovecot/dovecot.conf.squeeze.erb
+++ b/templates/dovecot/dovecot.conf.squeeze.erb
@@ -120,7 +120,8 @@ ssl_key_file = /etc/ssl/private/cert.pem
 #ssl_parameters_regenerate = 168
 
 # SSL ciphers to use
-ssl_cipher_list = ALL:!LOW:!SSLv2
+# See http://www.virtualmin.com/node/25057
+ssl_cipher_list = HIGH:!LOW:!MEDIUM:!MD5:!SSL2:!EXP-ADH-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-DES-CBC-SHA:!ADH-AES256-SHA:!ADH-AES128-SHA:!ADH-DES-CBC3-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!ADH-DES-CBC3-SHA:+TLSv1:+SSLv3:!SSLv2:+TLSv1.1:+TLSv1.2 
 
 # Show protocol level SSL errors.
 #verbose_ssl = no