Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.2:Update
dovecot22.5865
dovecot-2.2.18-better_ssl_defaults.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File dovecot-2.2.18-better_ssl_defaults.patch of Package dovecot22.5865
Index: dovecot-2.2.19/doc/example-config/conf.d/10-ssl.conf =================================================================== --- dovecot-2.2.19.orig/doc/example-config/conf.d/10-ssl.conf +++ dovecot-2.2.19/doc/example-config/conf.d/10-ssl.conf @@ -9,8 +9,8 @@ # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf -ssl_cert = </etc/ssl/private/dovecot.crt -ssl_key = </etc/ssl/private/dovecot.pem +#ssl_cert = </etc/ssl/private/dovecot.crt +#ssl_key = </etc/ssl/private/dovecot.pem # If key file is password protected, give the password here. Alternatively # give it when starting dovecot with -p parameter. Since this file is often @@ -43,20 +43,20 @@ ssl_key = </etc/ssl/private/dovecot.pem #ssl_cert_username_field = commonName # DH parameters length to use. -#ssl_dh_parameters_length = 1024 +ssl_dh_parameters_length = 2048 # SSL protocols to use -#ssl_protocols = !SSLv2 +ssl_protocols = !SSLv2 !SSLv3 # SSL ciphers to use -#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL +ssl_cipher_list = ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH # Prefer the server's order of ciphers over client's. -#ssl_prefer_server_ciphers = no +ssl_prefer_server_ciphers = yes # SSL crypto device to use, for valid values run "openssl engine" #ssl_crypto_device = # SSL extra options. Currently supported options are: # no_compression - Disable compression. -#ssl_options = +ssl_options = no_compression Index: dovecot-2.2.19/src/lib-master/master-service-ssl-settings.c =================================================================== --- dovecot-2.2.19.orig/src/lib-master/master-service-ssl-settings.c +++ dovecot-2.2.19/src/lib-master/master-service-ssl-settings.c @@ -43,8 +43,8 @@ static const struct master_service_ssl_s .ssl_cert = "", .ssl_key = "", .ssl_key_password = "", - .ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL", - .ssl_protocols = "!SSLv2", + .ssl_cipher_list = "ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH", + .ssl_protocols = "!SSLv2 !SSLv3", .ssl_cert_username_field = "commonName", .ssl_crypto_device = "", .ssl_verify_client_cert = FALSE,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor