1175: specify user for cron.d freshclam file (#1176)

* 1175: specify user for cron.d freshclam file * Fix Dovecot SSL parameters and generate dhparams as for Postfix * Fixed broken unit tests
2025-08-02 17:14:31 +02:00 · 2019-07-23 16:12:12 +02:00 · 2019-07-23 16:12:12 +02:00 · 603dbbd7b0
commit 603dbbd7b0
parent adf3d8e1b3
5 changed files with 47 additions and 8 deletions
--- a/target/dovecot/10-ssl.conf
+++ b/target/dovecot/10-ssl.conf
@ -42,11 +42,15 @@ ssl_key = </etc/dovecot/ssl/dovecot.key
 # auth_ssl_username_from_cert=yes.
 #ssl_cert_username_field = commonName

-# DH parameters length to use.
-ssl_dh_parameters_length = 2048
+# SSL DH parameters
+# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
+# Or migrate from old ssl-parameters.dat file with the command dovecot
+# gives on startup when ssl_dh is unset.
+ssl_dh = </etc/dovecot/dh.pem

-# SSL protocols to use
-ssl_protocols = !SSLv3,!TLSv1,!TLSv1.1
+# Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
+# TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
+ssl_min_protocol = TLSv1.2

 # SSL ciphers to use
 ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256