mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2025-08-03 01:24:52 +02:00
Use best practice cipher suites for 2021 (#1802)
Update cipherlist to sync with OWASP B and Mozilla Intermediate
This commit is contained in:
Brennan Kinney
GitHub
parent
cb2ecacd56
commit
432f96b3a6
11 changed files with 454 additions and 20 deletions
|
|
@ -52,7 +52,7 @@ ssl_dh = </etc/dovecot/dh.pem
|
|||
ssl_min_protocol = TLSv1.2
|
||||
|
||||
# SSL ciphers to use
|
||||
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
|
||||
# Prefer the server's order of ciphers over client's.
|
||||
ssl_prefer_server_ciphers = yes
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue