diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2016-08-19 15:33:51 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-08-19 15:33:51 -0300 |
commit | da63b146d91e351120f6de66bcebe91e6389f2f8 (patch) | |
tree | 6d374c9085bf7301a0ae15d21574257aa556aa07 /templates | |
parent | 02d67a46797b1df10a1b50914c22e941527d3119 (diff) | |
download | puppet-mail-da63b146d91e351120f6de66bcebe91e6389f2f8.tar.gz puppet-mail-da63b146d91e351120f6de66bcebe91e6389f2f8.tar.bz2 |
Dovecot: drops SSLv2 and SSLv3 via ssl_protocols
Diffstat (limited to 'templates')
-rw-r--r-- | templates/dovecot/dovecot.conf.wheezy.erb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/templates/dovecot/dovecot.conf.wheezy.erb b/templates/dovecot/dovecot.conf.wheezy.erb index cf2d720..0d18b85 100644 --- a/templates/dovecot/dovecot.conf.wheezy.erb +++ b/templates/dovecot/dovecot.conf.wheezy.erb @@ -40,7 +40,10 @@ ssl_key = </etc/ssl/private/cert.pem # SSL ciphers to use # See http://www.virtualmin.com/node/25057 +# https://zmap.io/sslv3/servers.html +# https://security.stackexchange.com/questions/71872/disable-sslv3-in-dovecot-tls-handshaking-failed-no-shared-cipher ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:SSLv3 +ssl_protocols = !SSlv2 !SSLv3 userdb { args = uid=5000 gid=5000 home=/var/mail/virtual/%u allow_all_users=yes |