Subversion Repositories configs

Rev

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
192 - 1 
##
2 
## SSL settings
3 
##
4 
 
5 
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
6 
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
7 
# plain imap and pop3 are still allowed for local connections
8 
ssl = required
9 
 
10 
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
11 
# dropping root privileges, so keep the key file unreadable by anyone but
12 
# root. Included doc/mkcert.sh can be used to easily generate self-signed
13 
# certificate, just make sure to update the domains in dovecot-openssl.cnf
14 
#ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
15 
#ssl_key = </etc/pki/dovecot/private/dovecot.pem
16 
ssl_cert = </etc/letsencrypt/live/homeserver8.ujsoftware.com/fullchain.pem
17 
ssl_key = </etc/letsencrypt/live/homeserver8.ujsoftware.com/privkey.pem
18 
 
19 
# If key file is password protected, give the password here. Alternatively
20 
# give it when starting dovecot with -p parameter. Since this file is often
21 
# world-readable, you may want to place this setting instead to a different
22 
# root owned 0600 file by using ssl_key_password = <path.
23 
#ssl_key_password =
24 
 
25 
# PEM encoded trusted certificate authority. Set this only if you intend to use
26 
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
27 
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
28 
#ssl_ca =
29 
 
30 
# Require that CRL check succeeds for client certificates.
31 
#ssl_require_crl = yes
32 
 
33 
# Directory and/or file for trusted SSL CA certificates. These are used only
34 
# when Dovecot needs to act as an SSL client (e.g. imapc backend or
35 
# submission service). The directory is usually /etc/pki/dovecot/certs in
36 
# Debian-based systems and the file is /etc/pki/tls/cert.pem in
37 
# RedHat-based systems.
38 
#ssl_client_ca_dir =
39 
#ssl_client_ca_file =
40 
 
41 
# Require valid cert when connecting to a remote server
42 
#ssl_client_require_valid_cert = yes
43 
 
44 
# Request client to send a certificate. If you also want to require it, set
45 
# auth_ssl_require_client_cert=yes in auth section.
46 
#ssl_verify_client_cert = no
47 
 
48 
# Which field from certificate to use for username. commonName and
49 
# x500UniqueIdentifier are the usual choices. You'll also need to set
50 
# auth_ssl_username_from_cert=yes.
51 
#ssl_cert_username_field = commonName
52 
 
53 
# SSL DH parameters
54 
# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
55 
# Or migrate from old ssl-parameters.dat file with the command dovecot
56 
# gives on startup when ssl_dh is unset.
57 
ssl_dh = </etc/dovecot/dh.pem
58 
 
59 
# Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
60 
# TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
61 
#ssl_min_protocol = TLSv1
62 
ssl_min_protocol = TLSv1.2
63 
 
64 
# SSL ciphers to use, the default is:
65 
#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
66 
# To disable non-EC DH, use:
67 
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
68 
ssl_cipher_list = PROFILE=SYSTEM
69 
 
70 
# Colon separated list of elliptic curves to use. Empty value (the default)
71 
# means use the defaults from the SSL library. P-521:P-384:P-256 would be an
72 
# example of a valid value.
73 
#ssl_curve_list =
74 
 
75 
# Prefer the server's order of ciphers over client's.
76 
#ssl_prefer_server_ciphers = no
77 
ssl_prefer_server_ciphers = yes
78 
 
79 
# SSL crypto device to use, for valid values run "openssl engine"
80 
#ssl_crypto_device =
81 
 
82 
# SSL extra options. Currently supported options are:
83 
#   compression - Enable compression.
84 
#   no_ticket - Disable SSL session tickets.
85 
#ssl_options =