diyIT
/
FreeBSD
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
FreeBSD/jails/config/mail/dovecot/conf.d/10-ssl.conf

12 lines
622 B
Plaintext
Raw Blame History

# require SSL for all non-localhost connections
ssl = required
ssl_cert = </mnt/certs/fullchain.pem
ssl_key = </mnt/certs/privkeyr.pem
# require modern crypto - taken from Mozilla's SSL recommendations page
#ssl_dh_parameters_length = 2048
#ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 TLSv1.2
#ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl_prefer_server_ciphers = yes
Reference in New Issue View Git Blame Copy Permalink