20 lines
1.0 KiB
Plaintext
20 lines
1.0 KiB
Plaintext
ssl = {$OUT .= ( (($imaps{'status'} || 'enabled') eq 'enabled') || (($pops{'status'} || 'enabled') eq 'enabled') ) ? 'yes':'no';}
|
|
ssl_cert = </etc/dovecot/ssl/imapd.pem
|
|
ssl_key = </etc/dovecot/ssl/imapd.pem
|
|
{
|
|
|
|
my $proto = '';
|
|
$proto .= ' !SSLv2' unless ($dovecot{'SSLv2'} || 'disabled') eq 'enabled';
|
|
$proto .= ' !SSLv3' unless ($dovecot{'SSLv3'} || 'disabled') eq 'enabled';
|
|
$proto .= ' !TLSv1' unless ($dovecot{'TLSv1'} || 'disabled') eq 'enabled';
|
|
$proto .= ' !TLSv1.1' unless ($dovecot{'TLSv1.1'} || 'disabled') eq 'enabled';
|
|
$proto .= ' !TLSv1.2' unless ($dovecot{'TLSv1.2'} || 'enabled') eq 'enabled';
|
|
|
|
my $dh = $dovecot{'dh'} || '4096';
|
|
$OUT .= "ssl_dh_parameters_length = $dh\n";
|
|
$OUT .= "ssl_protocols = $proto\n" if ($proto ne '');
|
|
$OUT .= "ssl_prefer_server_ciphers = yes\n";
|
|
$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n";
|
|
|
|
}
|