diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-05-05 22:10:25 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-05-05 22:10:25 +0200 |
commit | 35c9a700b5d87fd96260ea0022b4a78fed986836 (patch) | |
tree | 2cd61d0d71056d08bee46a0b6b57905aabb979dd /hosts/surtr/email | |
parent | bb9860c49f37d8e0b08275e2ad6762f36219e918 (diff) | |
download | nixos-35c9a700b5d87fd96260ea0022b4a78fed986836.tar nixos-35c9a700b5d87fd96260ea0022b4a78fed986836.tar.gz nixos-35c9a700b5d87fd96260ea0022b4a78fed986836.tar.bz2 nixos-35c9a700b5d87fd96260ea0022b4a78fed986836.tar.xz nixos-35c9a700b5d87fd96260ea0022b4a78fed986836.zip |
surtr: ...
Diffstat (limited to 'hosts/surtr/email')
-rw-r--r-- | hosts/surtr/email/default.nix | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index f4543bf4..cd8af21f 100644 --- a/hosts/surtr/email/default.nix +++ b/hosts/surtr/email/default.nix | |||
@@ -303,8 +303,19 @@ in { | |||
303 | 303 | ||
304 | ssl_require_crl = yes | 304 | ssl_require_crl = yes |
305 | ssl_verify_client_cert = yes | 305 | ssl_verify_client_cert = yes |
306 | |||
307 | ssl_min_protocol = TLSv1.2 | ||
308 | ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 | ||
309 | ssl_prefer_server_ciphers = no | ||
310 | |||
306 | auth_ssl_username_from_cert = yes | 311 | auth_ssl_username_from_cert = yes |
312 | ssl_cert_username_field = commonName | ||
307 | auth_mechanisms = external | 313 | auth_mechanisms = external |
314 | auth_username_format = %n | ||
315 | |||
316 | auth_verbose = yes | ||
317 | verbose_ssl = yes | ||
318 | auth_debug = yes | ||
308 | 319 | ||
309 | service auth { | 320 | service auth { |
310 | user = dovecot2 | 321 | user = dovecot2 |