path: root/roles/dovecot/templates/10-ssl.conf.j2
blob: 8efa1d2f5777f707f648ea46ed57e553412d16ef (plain)
# SSL/TLS Configuration
# Dovecot TLS settings, rendered from a Jinja2 template: the mail_domain
# variable selects the Let's Encrypt certificate directory used below.

# TLS is mandatory; there is no plaintext fallback.
ssl = required
# A leading "<" makes Dovecot read the value from the named file rather than
# treating the text as the value itself.
# NOTE(review): these two values are quoted while ssl_dh below is not; confirm
# the deployed Dovecot version still treats a quoted "<path" as a file read.
# privkey.pem is the server's private key and should stay readable by root only.
# Dovecot reads both files when it loads its configuration, so a renewed
# certificate is not served until Dovecot is reloaded - presumably a renewal
# hook elsewhere in the role does this; confirm.
ssl_key = "</etc/letsencrypt/live/{{ mail_domain }}/privkey.pem"
ssl_cert = "</etc/letsencrypt/live/{{ mail_domain }}/fullchain.pem"
# CA directory used when Dovecot itself connects out as a TLS client.
# It is not what validates certificates presented by mail clients.
ssl_client_ca_dir = /etc/ssl/certs
# Diffie-Hellman parameters, needed for the DHE suite in ssl_cipher_list below.
# NOTE(review): this looks like a package-shipped file; confirm it holds
# parameters of at least 2048 bits, or generate/pin a known group.
ssl_dh = </usr/share/dovecot/dh.pem

# Mozilla modern compatibility (https://wiki.mozilla.org/Security/Server_Side_TLS)
# This is here for future use - Dovecot does not support using only TLSv1.3 right now.
#ssl_min_protocol = TLSv1.3
# Ciphers listed here are just for reference, DO NOT uncomment: these are
# TLSv1.3 suite names, and ssl_cipher_list expects an OpenSSL cipher list,
# which they are not.
#ssl_cipher_list = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

# Mozilla intermediate compatibility (https://wiki.mozilla.org/Security/Server_Side_TLS)
# TLSv1.2 is the floor. The cipher list allows only forward-secret key exchange
# (ECDHE, plus DHE with RSA certificates) combined with AES-GCM or ChaCha20,
# and explicitly excludes anonymous (aNULL) and unencrypted (eNULL) suites.
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE+ECDSA+AESGCM:ECDHE+aRSA+AESGCM:ECDHE+ECDSA+CHACHA20:ECDHE+aRSA+CHACHA20:DHE+aRSA+AESGCM:!aNULL:!eNULL

# The server's cipher order takes precedence over the client's.
# NOTE(review): the Mozilla intermediate profile referenced above leaves cipher
# preference to the client; confirm this deviation is intentional.
ssl_prefer_server_ciphers = yes
# Applies to connections where Dovecot is the TLS client: the remote server's
# certificate must validate (see ssl_client_ca_dir above). This setting does
# not make Dovecot request certificates from connecting mail clients.
ssl_client_require_valid_cert = yes