From 35c9a700b5d87fd96260ea0022b4a78fed986836 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 5 May 2022 22:10:25 +0200 Subject: surtr: ... --- hosts/surtr/email/default.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'hosts/surtr/email/default.nix') diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index f4543bf4..cd8af21f 100644 --- a/hosts/surtr/email/default.nix +++ b/hosts/surtr/email/default.nix @@ -303,8 +303,19 @@ in { ssl_require_crl = yes ssl_verify_client_cert = yes + + ssl_min_protocol = TLSv1.2 + ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + ssl_prefer_server_ciphers = no + auth_ssl_username_from_cert = yes + ssl_cert_username_field = commonName auth_mechanisms = external + auth_username_format = %n + + auth_verbose = yes + verbose_ssl = yes + auth_debug = yes service auth { user = dovecot2 -- cgit v1.2.3
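Review bot: `auth_username_format = %n` keeps only the part of the certificate's commonName before any `@`, so with `auth_ssl_username_from_cert = yes` two client certificates whose CNs differ only in the domain authenticate as the same user. Whether that matters depends on what the client CA is willing to sign, which is not visible here; if CNs are meant to be bare account names, a comment such as `# client CA only issues CNs equal to local account names; %n drops any @domain` would record that assumption, and `%Ln` would also keep the lowercasing that the default format applies. Separately, `auth_debug = yes` and `verbose_ssl = yes` look like troubleshooting settings and add per-connection detail to the logs; I would mark them temporary or drop them once EXTERNAL auth works. The surrounding Dovecot configuration text and the `service auth {` block continue outside this hunk.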