authorSilvio Rhatto <rhatto@riseup.net>2016-08-19 15:33:51 -0300
committerSilvio Rhatto <rhatto@riseup.net>2016-08-19 15:33:51 -0300
commitda63b146d91e351120f6de66bcebe91e6389f2f8 (patch)
tree6d374c9085bf7301a0ae15d21574257aa556aa07
parent02d67a46797b1df10a1b50914c22e941527d3119 (diff)
downloadpuppet-mail-da63b146d91e351120f6de66bcebe91e6389f2f8.tar.gz
puppet-mail-da63b146d91e351120f6de66bcebe91e6389f2f8.tar.bz2
Dovecot: drops SSLv2 and SSLv3 via ssl_protocols
-rw-r--r--templates/dovecot/dovecot.conf.wheezy.erb3
1 files changed, 3 insertions, 0 deletions
diff --git a/templates/dovecot/dovecot.conf.wheezy.erb b/templates/dovecot/dovecot.conf.wheezy.erb
index cf2d720..0d18b85 100644
--- a/templates/dovecot/dovecot.conf.wheezy.erb
+++ b/templates/dovecot/dovecot.conf.wheezy.erb
@@ -40,7 +40,10 @@ ssl_key = </etc/ssl/private/cert.pem
# SSL ciphers to use
# See http://www.virtualmin.com/node/25057
+# https://zmap.io/sslv3/servers.html
+# https://security.stackexchange.com/questions/71872/disable-sslv3-in-dovecot-tls-handshaking-failed-no-shared-cipher
ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:SSLv3
+ssl_protocols = !SSlv2 !SSLv3
userdb {
args = uid=5000 gid=5000 home=/var/mail/virtual/%u allow_all_users=yes
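Review bot: The added line `ssl_protocols = !SSlv2 !SSLv3` spells the first protocol name with a lowercase `l`, unlike the `!SSLv2` in `ssl_cipher_list` just above it; it should read `ssl_protocols = !SSLv2 !SSLv3`. Whether Dovecot matches these names case-insensitively is not visible from this template, so the canonical spelling avoids depending on it. It is also worth confirming after deployment that an SSLv3-only handshake is actually refused. The unchanged cipher list still contains a bare `SSLv3`, which the linked Stack Exchange question suggests is deliberate, so a comment above it would stop a later reader from "fixing" it: `# SSLv3 here names cipher suites that TLSv1 also uses; the protocol itself is disabled by ssl_protocols`.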