ForkMaster/nixos-mailserver
1
0
Fork 0
mirror of https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git synced 2025-05-04 17:50:51 +05:00
Code Issues Packages Projects Releases Wiki Activity

dovecot: prefer client cipher list

Browse Source 
All ciphers in TLSv1.2/TLSv1.3 are considered secure, so we can allow the
client to choose the most performant cipher according to their hardware
and software configuration.

This is in line with general recommendations, e.g. by Mozilla[1].

[1] https://wiki.mozilla.org/Security/Server_Side_TLS
This commit is contained in:
Martin Weinelt 2025-04-23 15:54:03 +02:00 committed by lewo
parent ab52efd622
commit 46fe2c25c8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mail-server/dovecot.nix
View File

@ -297,7 +297,7 @@ in
mail_access_groups = ${vmailGroupName} mail_access_groups = ${vmailGroupName}
ssl = required ssl = required
ssl_min_protocol = TLSv1.2 ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes ssl_prefer_server_ciphers = no
service lmtp { service lmtp {
unix_listener dovecot-lmtp { unix_listener dovecot-lmtp {