update cipher lists
This commit is contained in:
parent
c6e51bfd05
commit
6b032be7a4
@ -18,7 +18,7 @@ RUN apk --no-cache add \
|
||||
inotify-tools-dev
|
||||
|
||||
RUN mkdir /tmp/dovecot
|
||||
RUN wget -qO- https://www.dovecot.org/releases/2.3/dovecot-2.3.0.tar.gz | tar -xz -C /tmp/dovecot --strip 2
|
||||
RUN wget -qO- https://www.dovecot.org/releases/2.3/dovecot-2.3.4.tar.gz | tar -xz -C /tmp/dovecot --strip 2
|
||||
|
||||
RUN mkdir /tmp/pigeonhole
|
||||
RUN wget -qO- https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.0.1.tar.gz | tar -xz -C /tmp/pigeonhole --strip 1
|
||||
|
@ -98,12 +98,12 @@ Name of the certificate domain.
|
||||
Length of the Diffie-Helman key in bits.
|
||||
|
||||
## SSL_MIN_PROTOCOL
|
||||
- default: TLSv1
|
||||
- default: TLSv1.2
|
||||
|
||||
Ssl minimum protocol version.
|
||||
|
||||
## SSL_CIPHERLIST
|
||||
- default: ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
||||
- default: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||
|
||||
Colon seperated list of supported ciphers (`!`disables a cipher).
|
||||
|
||||
|
@ -2,6 +2,6 @@ ssl = yes
|
||||
ssl_cert = </etc/ssl/mail/{{ getenv "CERT_DOMAIN"}}.crt
|
||||
ssl_key = </etc/ssl/mail/{{ getenv "CERT_DOMAIN"}}.key
|
||||
ssl_dh=</etc/ssl/mail/dh.pem
|
||||
ssl_min_protocol = {{getenv "SSL_MIN_PROTOCOL" "TLSv1"}}
|
||||
ssl_cipher_list = {{getenv "SSL_CIPHERLIST" "ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH "}}
|
||||
ssl_min_protocol = {{getenv "SSL_MIN_PROTOCOL" "TLSv1.2"}}
|
||||
ssl_cipher_list = {{getenv "SSL_CIPHERLIST" "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"}}
|
||||
ssl_prefer_server_ciphers = yes
|
||||
|
Loading…
Reference in New Issue
Block a user