- sane ssl defaults example
authorArkadiusz Miśkiewicz <arekm@maven.pl>
Thu, 8 Dec 2016 12:48:32 +0000 (13:48 +0100)
committerArkadiusz Miśkiewicz <arekm@maven.pl>
Thu, 8 Dec 2016 12:48:32 +0000 (13:48 +0100)
exim4.conf

index 13ae32d..5a5f2bf 100644 (file)
@@ -166,6 +166,10 @@ tls_advertise_hosts =
 # daemon_smtp_ports = 25 : 465 : 587
 # tls_on_connect_ports = 465
 
+# sane defaults
+# https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
+# tls_require_ciphers = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+# openssl_options = +no_sslv2 +no_sslv3 +no_compression
 
 # Specify the domain you want to be added to all unqualified addresses
 # here. An unqualified address is one that does not contain an "@" character
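Review bot: The `# sane defaults` comment above the commented-out `tls_require_ciphers` line does not say that the value is OpenSSL cipher-list syntax copied from the Mozilla intermediate profile at one point in time. On a GnuTLS build of Exim the same option is read as a priority string, so an admin who uncomments it there, or years later, gets no warning. The list also still ends with the 3DES suites (`DES-CBC3-SHA` and its ECDHE/EDH variants), which the comment should mention so they can be dropped where legacy peers do not matter. I would replace the comment with `# OpenSSL builds only: Mozilla "intermediate" cipher list as of 2016-12; re-check the URL below before enabling`. This hunk appears to sit in the main section, where the setting governs inbound connections only, so a second line such as `# outbound TLS is set separately via tls_require_ciphers on the smtp transport` would help too.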