Merge branch 'dovecot-hybrid-curve' into 'master'

dovecot: update TLS requirements

See merge request simple-nixos-mailserver/nixos-mailserver!477
Martin Weinelt
2025-12-21 12:54:46 +00:00
+13 -1
@@ -368,7 +368,19 @@ in
ssl = required
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = no
ssl_curve_list = X25519:prime256v1:secp384r1
ssl_cipher_list = ${
lib.concatStringsSep ":" [
# TLS1.3
"TLS_AES_128_GCM_SHA256"
"TLS_CHACHA20_POLY1305_SHA256"
"TLS_AES_256_GCM_SHA384"
# TLS1.2
"ECDHE-ECDSA-AES128-GCM-SHA256"
"ECDHE-ECDSA-CHACHA20-POLY1305"
"ECDHE-ECDSA-AES256-GCM-SHA384"
]
}
ssl_curve_list = X25519MLKEM768:X25519:prime256v1:secp384r1
service lmtp {
unix_listener dovecot-lmtp {
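Review bot: The TLS 1.2 entries added to `ssl_cipher_list` are all `ECDHE-ECDSA-*`, so a deployment whose certificate uses an RSA key would have no usable TLS 1.2 suite and only TLS 1.3 clients could connect. If ECDSA-only is intended, a comment such as `# TLS1.2: ECDSA certificates only; RSA certificates will not negotiate TLS1.2` above that group would make it explicit; otherwise add the `ECDHE-RSA-AES128-GCM-SHA256`, `ECDHE-RSA-CHACHA20-POLY1305` and `ECDHE-RSA-AES256-GCM-SHA384` counterparts. Separately, the three `TLS_*` names under `# TLS1.3` are probably ignored here, since Dovecot hands `ssl_cipher_list` to OpenSSL as the TLS 1.2-and-below cipher string and configures TLS 1.3 suites through `ssl_cipher_suites`; this is worth confirming against the packaged Dovecot version. The surrounding config string starts and ends outside this hunk.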