smeserver/smeserver-dovecot
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme

Browse Source 
- use esmith::ssl to set ciphers and protocol [SME: 12821]
  improve cipher order to get strongers first
  drop SSLv2
This commit is contained in:
Jean-Philippe Pialasse
2025-01-18 15:41:12 -05:00
parent 52e318c808
commit 9e05a63784
4 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
root/etc/e-smith/templates/etc/dovecot/dovecot.conf/35ssl
View File

@@ -2,13 +2,11 @@ ssl = {$OUT .= ( (($imaps{'status'} || 'enabled') eq 'enabled') || (($pops{'stat
ssl_cert = </etc/dovecot/ssl/imapd.pem
ssl_key = </etc/dovecot/ssl/imapd.pem
{
my %protos={SLv3=>1,TLSv1=>1, TLSv1.1=>1, TLSv1.2=>1,TLSv1.3=>1};
my $proto = ( (exists $dovecot{'ssl_min_protocol'} ) && (exists $protos{$dovecot{'ssl_min_protocol'}} ) ) ? $dovecot{'ssl_min_protocol'} : 'TLSv1.2';
use esmith::ssl;
my $proto = ( (exists $dovecot{'ssl_min_protocol'} ) && (exists $existingSSLprotos{$dovecot{'ssl_min_protocol'}} ) ) ? $dovecot{'ssl_min_protocol'} : SSLprotoMin();
$OUT .= "ssl_dh=</etc/dovecot/ssl/dhparam.pem\n";
$OUT .= "ssl_min_protocol = $proto\n" if ($proto ne '');
$OUT .= "ssl_prefer_server_ciphers = yes\n";
$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n";
$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || $smeCiphers ). "\n";
}