Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
dovecot22.5071
dovecot-2.2.18-better_ssl_defaults.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File dovecot-2.2.18-better_ssl_defaults.patch of Package dovecot22.5071
Index: dovecot-2.2.31.rc1/doc/example-config/conf.d/10-ssl.conf =================================================================== --- dovecot-2.2.31.rc1.orig/doc/example-config/conf.d/10-ssl.conf +++ dovecot-2.2.31.rc1/doc/example-config/conf.d/10-ssl.conf @@ -9,8 +9,8 @@ # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf -ssl_cert = </etc/ssl/private/dovecot.crt -ssl_key = </etc/ssl/private/dovecot.pem +#ssl_cert = </etc/ssl/private/dovecot.crt +#ssl_key = </etc/ssl/private/dovecot.pem # If key file is password protected, give the password here. Alternatively # give it when starting dovecot with -p parameter. Since this file is often @@ -43,16 +43,19 @@ ssl_key = </etc/ssl/private/dovecot.pem #ssl_cert_username_field = commonName # DH parameters length to use. -#ssl_dh_parameters_length = 1024 +ssl_dh_parameters_length = 2048 # SSL protocols to use #ssl_protocols = !SSLv3 +ssl_protocols = !SSLv2 !SSLv3 # SSL ciphers to use #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL +ssl_cipher_list = ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH # Prefer the server's order of ciphers over client's. #ssl_prefer_server_ciphers = no +ssl_prefer_server_ciphers = yes # SSL crypto device to use, for valid values run "openssl engine" #ssl_crypto_device = @@ -61,3 +64,4 @@ ssl_key = </etc/ssl/private/dovecot.pem # no_compression - Disable compression. # no_ticket - Disable SSL session tickets. #ssl_options = +ssl_options = no_compression Index: dovecot-2.2.31.rc1/src/lib-master/master-service-ssl-settings.c =================================================================== --- dovecot-2.2.31.rc1.orig/src/lib-master/master-service-ssl-settings.c +++ dovecot-2.2.31.rc1/src/lib-master/master-service-ssl-settings.c @@ -47,7 +47,7 @@ static const struct master_service_ssl_s .ssl_alt_cert = "", .ssl_alt_key = "", .ssl_key_password = "", - .ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL", + .ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH", #ifdef SSL_TXT_SSLV2 .ssl_protocols = "!SSLv2 !SSLv3", #else
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor