Merge branch 'dovecot-hybrid-curve' into 'master'
dovecot: update TLS requirements See merge request simple-nixos-mailserver/nixos-mailserver!477
This commit is contained in:
Martin Weinelt
+13
-1
@@ -368,7 +368,19 @@ in
|
|||||||
ssl = required
|
ssl = required
|
||||||
ssl_min_protocol = TLSv1.2
|
ssl_min_protocol = TLSv1.2
|
||||||
ssl_prefer_server_ciphers = no
|
ssl_prefer_server_ciphers = no
|
||||||
ssl_curve_list = X25519:prime256v1:secp384r1
|
ssl_cipher_list = ${
|
||||||
|
lib.concatStringsSep ":" [
|
||||||
|
# TLS1.3
|
||||||
|
"TLS_AES_128_GCM_SHA256"
|
||||||
|
"TLS_CHACHA20_POLY1305_SHA256"
|
||||||
|
"TLS_AES_256_GCM_SHA384"
|
||||||
|
# TLS1.2
|
||||||
|
"ECDHE-ECDSA-AES128-GCM-SHA256"
|
||||||
|
"ECDHE-ECDSA-CHACHA20-POLY1305"
|
||||||
|
"ECDHE-ECDSA-AES256-GCM-SHA384"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
ssl_curve_list = X25519MLKEM768:X25519:prime256v1:secp384r1
|
||||||
|
|
||||||
service lmtp {
|
service lmtp {
|
||||||
unix_listener dovecot-lmtp {
|
unix_listener dovecot-lmtp {
|
||||||
|
|||||||
Reference in New Issue
Block a user