##
## SSL settings
##
 
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# Disable plain pop3 and imap; only pop3+TLS, pop3s, imap+TLS and imaps are allowed.
# plain imap and pop3 are still allowed for local connections
# Active setting: TLS must be negotiated before a client can authenticate.
# Dovecot exempts connections it treats as local (see the note above).
# NOTE(review): networks listed in login_trusted_networks are also treated as
# secure - confirm that setting is not wider than intended.
ssl = required
 
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
#ssl_key = </etc/pki/dovecot/private/dovecot.pem
# Certificate presented to clients: the Let's Encrypt fullchain.pem (leaf
# certificate followed by the intermediates). The leading "<" tells Dovecot to
# read the value from the named file instead of using the path as the value.
ssl_cert = </etc/letsencrypt/live/homeserver8.ujsoftware.com/fullchain.pem
# Private key matching the certificate, read from the certbot live/ tree.
# The file is opened before root privileges are dropped, so it should stay
# readable by root only.
# NOTE(review): confirm Dovecot is reloaded after each certificate renewal
# (e.g. from a renewal hook); otherwise the old pair keeps being served until
# the next restart.
ssl_key = </etc/letsencrypt/live/homeserver8.ujsoftware.com/privkey.pem
 
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =
 
# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
#ssl_ca =
 
# Require that CRL check succeeds for client certificates.
#ssl_require_crl = yes
 
# Directory and/or file for trusted SSL CA certificates. These are used only
# when Dovecot needs to act as an SSL client (e.g. imapc backend or
# submission service). The directory is usually /etc/pki/dovecot/certs in
# Debian-based systems and the file is /etc/pki/tls/cert.pem in
# RedHat-based systems.
#ssl_client_ca_dir =
#ssl_client_ca_file =
 
# Require valid cert when connecting to a remote server
#ssl_client_require_valid_cert = yes
 
# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no
 
# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName
 
# SSL DH parameters
# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
# Or migrate from old ssl-parameters.dat file with the command dovecot
# gives on startup when ssl_dh is unset.
# Diffie-Hellman parameters for non-EC DHE key exchange, read from the file
# produced by the openssl dhparam command above. They only matter while the
# effective cipher list still offers non-EC DH suites.
ssl_dh = </etc/dovecot/dh.pem
 
# Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
# TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
#ssl_min_protocol = TLSv1
# Local override of the commented default: handshakes below TLSv1.2 (SSLv3,
# TLSv1, TLSv1.1) are refused. Mail clients that cannot speak TLSv1.2 will
# fail to connect rather than fall back to a weaker protocol.
ssl_min_protocol = TLSv1.2
 
# SSL ciphers to use, the default is:
#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
# To disable non-EC DH, use:
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
# PROFILE=SYSTEM delegates cipher selection to the system-wide crypto policy
# (the crypto-policies mechanism on Red Hat family systems), so the effective
# suites are not visible in this file and change when that policy changes.
# NOTE(review): check the active policy with `update-crypto-policies --show`
# and re-audit the offered suites after any policy change.
ssl_cipher_list = PROFILE=SYSTEM
 
# Colon separated list of elliptic curves to use. Empty value (the default)
# means use the defaults from the SSL library. P-521:P-384:P-256 would be an
# example of a valid value.
#ssl_curve_list =
 
# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
# Local override of the commented default: the server's cipher order wins
# over the client's, so the ordering that ssl_cipher_list resolves to decides
# which mutually supported suite is negotiated.
ssl_prefer_server_ciphers = yes
 
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =
 
# SSL extra options. Currently supported options are:
#   compression - Enable compression.
#   no_ticket - Disable SSL session tickets.
#ssl_options =