summaryrefslogtreecommitdiff
path: root/hosts/surtr/email/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/surtr/email/default.nix')
-rw-r--r--hosts/surtr/email/default.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index f4543bf4..cd8af21f 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -303,8 +303,19 @@ in {
303 303
304 ssl_require_crl = yes 304 ssl_require_crl = yes
305 ssl_verify_client_cert = yes 305 ssl_verify_client_cert = yes
306
307 ssl_min_protocol = TLSv1.2
308 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
309 ssl_prefer_server_ciphers = no
310
306 auth_ssl_username_from_cert = yes 311 auth_ssl_username_from_cert = yes
312 ssl_cert_username_field = commonName
307 auth_mechanisms = external 313 auth_mechanisms = external
314 auth_username_format = %n
315
316 auth_verbose = yes
317 verbose_ssl = yes
318 auth_debug = yes
308 319
309 service auth { 320 service auth {
310 user = dovecot2 321 user = dovecot2