diff --git a/Dockerfile b/Dockerfile
index 39b4619..528d6dd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,7 @@ RUN apk --no-cache add \
 inotify-tools-dev
 RUN mkdir /tmp/dovecot
-RUN wget -qO- https://www.dovecot.org/releases/2.3/dovecot-2.3.0.tar.gz | tar -xz -C /tmp/dovecot --strip 2
+RUN wget -qO- https://www.dovecot.org/releases/2.3/dovecot-2.3.4.tar.gz | tar -xz -C /tmp/dovecot --strip 2
 RUN mkdir /tmp/pigeonhole
 RUN wget -qO- https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.0.1.tar.gz | tar -xz -C /tmp/pigeonhole --strip 1
diff --git a/README.md b/README.md
index 9104bc1..bb8d955 100644
--- a/README.md
+++ b/README.md
@@ -98,12 +98,12 @@ Name of the certificate domain.
 Length of the Diffie-Helman key in bits.
 ## SSL_MIN_PROTOCOL
-- default: TLSv1
+- default: TLSv1.2
 Ssl minimum protocol version.
 ## SSL_CIPHERLIST
-- default: ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+- default: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
 Colon seperated list of supported ciphers (`!`disables a cipher).
diff --git a/rootfs/etc/confd/templates/10-ssl.conf.tmpl b/rootfs/etc/confd/templates/10-ssl.conf.tmpl
index 34c079e..f2a7346 100644
--- a/rootfs/etc/confd/templates/10-ssl.conf.tmpl
+++ b/rootfs/etc/confd/templates/10-ssl.conf.tmpl
@@ -2,6 +2,6 @@ ssl = yes ssl_cert =
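Review bot: The bumped `RUN wget -qO- …/dovecot-2.3.4.tar.gz | tar -xz …` line in the Dockerfile hunk still streams the release tarball straight into `tar` with no integrity check, so the image is built from whatever bytes the server returns at build time. Since the line is being edited for the new version anyway, the download should be saved to a file, checked against a digest pinned in the Dockerfile (or against the upstream detached signature, if one is published for this release), and only then extracted. The pigeonhole fetch in the trailing context line follows the same pattern and would benefit from the same treatment. The digest below is a placeholder to be filled in from a trusted source.

```dockerfile
RUN mkdir /tmp/dovecot
# Fetch to disk, verify against a pinned digest, then extract.
RUN wget -qO /tmp/dovecot.tar.gz https://www.dovecot.org/releases/2.3/dovecot-2.3.4.tar.gz \
 && echo "<SHA256_OF_DOVECOT_2.3.4_TARBALL>  /tmp/dovecot.tar.gz" | sha256sum -c - \
 && tar -xzf /tmp/dovecot.tar.gz -C /tmp/dovecot --strip 2 \
 && rm /tmp/dovecot.tar.gz
# … unchanged: pigeonhole mkdir and fetch …
```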