Merge branch 'master' of adellam/ansible-roles into master
commit
8c58aa6717
|
@ -668,6 +668,42 @@ manpage_directory = /usr/share/man
|
||||||
readme_directory = no
|
readme_directory = no
|
||||||
|
|
||||||
# TLS parameters
|
# TLS parameters
|
||||||
|
# 2019-12-11, https://ssl-config.mozilla.org/#server=postfix&server-version=2.10.1&config=intermediate&openssl-version=1.0.2k
|
||||||
|
# smtpd_use_tls = yes
|
||||||
|
|
||||||
|
# smtpd_tls_security_level = may
|
||||||
|
# smtpd_tls_auth_only = yes
|
||||||
|
# smtpd_tls_cert_file = /path/to/signed_cert_plus_intermediates
|
||||||
|
# smtpd_tls_key_file = /path/to/private_key
|
||||||
|
# smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
|
||||||
|
# smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
|
||||||
|
# smtpd_tls_mandatory_ciphers = medium
|
||||||
|
|
||||||
|
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
|
||||||
|
# not actually 1024 bits, this applies to all DHE >= 1024 bits
|
||||||
|
# smtpd_tls_dh1024_param_file = /path/to/dhparam.pem
|
||||||
|
|
||||||
|
# tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||||
|
# tls_preempt_cipherlist = no
|
||||||
|
|
||||||
|
# 2019-12-11, https://ssl-config.mozilla.org/#server=postfix&server-version=2.10.1&config=old&openssl-version=1.0.2k
|
||||||
|
# smtpd_use_tls = yes
|
||||||
|
|
||||||
|
# smtpd_tls_security_level = may
|
||||||
|
# smtpd_tls_auth_only = yes
|
||||||
|
# smtpd_tls_cert_file = /path/to/signed_cert_plus_intermediates
|
||||||
|
# smtpd_tls_key_file = /path/to/private_key
|
||||||
|
# smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
|
||||||
|
# smtpd_tls_protocols = !SSLv2, !SSLv3
|
||||||
|
# smtpd_tls_mandatory_ciphers = medium
|
||||||
|
|
||||||
|
# openssl dhparam 1024 > /path/to/dhparam.pem
|
||||||
|
# not actually 1024 bits, this applies to all DHE >= 1024 bits
|
||||||
|
# smtpd_tls_dh1024_param_file = /path/to/dhparam.pem
|
||||||
|
|
||||||
|
# tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
|
||||||
|
# tls_preempt_cipherlist = yes
|
||||||
|
|
||||||
# Server
|
# Server
|
||||||
{% if letsencrypt_acme_install is defined %}
|
{% if letsencrypt_acme_install is defined %}
|
||||||
{% if postfix_use_letsencrypt %}
|
{% if postfix_use_letsencrypt %}
|
||||||
|
|
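Review bot: The second commented block (the one taken from the `config=old` URL) tells the reader to run `openssl dhparam 1024`, yet keeps the generator's remark `not actually 1024 bits, this applies to all DHE >= 1024 bits` directly above `smtpd_tls_dh1024_param_file`; in that block the parameters really are 1024-bit, so the remark reads as a reassurance it does not give. The two blocks can otherwise be told apart only by the `config=` value in their URL lines, and the old one also leaves TLSv1/TLSv1.1 enabled and ends its cipher list with `DES-CBC3-SHA`. I would put a label line above each, e.g. `# Mozilla "intermediate" profile - use this one unless legacy clients require otherwise` and `# Mozilla "old" profile - legacy clients only: allows TLSv1/TLSv1.1, 3DES and 1024-bit DH`, and state that only one block may be uncommented. The `{% if %}` blocks after `# Server` begin at the end of the hunk and continue outside it, so whether live `smtpd_tls_*` settings rendered there would conflict with an uncommented block cannot be checked from here.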