dovecot: restrict TLS cipher suites

Martin Weinelt
2025-12-19 03:33:34 +01:00
parent 1415623586
commit 3579eb0001
+12
@@ -368,6 +368,18 @@ in
ssl = required ssl = required
ssl_min_protocol = TLSv1.2 ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = no ssl_prefer_server_ciphers = no
ssl_cipher_list = ${
lib.concatStringsSep ":" [
# TLS1.3
"TLS_AES_128_GCM_SHA256"
"TLS_CHACHA20_POLY1305_SHA256"
"TLS_AES_256_GCM_SHA384"
# TLS1.2
"ECDHE-ECDSA-AES128-GCM-SHA256"
"ECDHE-ECDSA-CHACHA20-POLY1305"
"ECDHE-ECDSA-AES256-GCM-SHA384"
]
}
ssl_curve_list = X25519MLKEM768:X25519:prime256v1:secp384r1 ssl_curve_list = X25519MLKEM768:X25519:prime256v1:secp384r1
service lmtp { service lmtp {
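Review bot: The three names under `# TLS1.3` in the new `ssl_cipher_list` probably have no effect, because with OpenSSL that setting feeds the cipher string for TLS 1.2 and below, while TLS 1.3 suites are selected separately and Dovecot exposes them through `ssl_cipher_suites`. If the intent is to pin the TLS 1.3 set, move those entries to their own line, e.g. `ssl_cipher_suites = TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384`, after confirming that the packaged Dovecot version supports the setting. The TLS 1.2 entries are all `ECDHE-ECDSA-*`, so a server presenting an RSA certificate would share no cipher with TLS 1.2-only clients and those handshakes would fail. A comment such as `# requires an ECDSA server certificate` above the `# TLS1.2` group, or an assertion on the key type if the module can see it, would make that dependency explicit. The surrounding configuration string begins and ends outside this hunk.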