Project

General

Profile

Statistics
| Branch: | Revision:

duckcorp-infra / ansible / roles / dc-postfix / templates / includes / tls.conf @ 9ab70ad9

History | View | Annotate | Download (1.02 KB)

1
## TLS
2
tls_preempt_cipherlist = yes
3
tls_ssl_options = NO_COMPRESSION
4
# (server)
5
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
6
smtpd_tls_ciphers = medium
7
smtpd_tls_mandatory_ciphers = high
8
smtpd_tls_eecdh_grade=auto
9
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
10
smtpd_tls_key_file = {{ cert_dir }}/{{ cert_base_name }}.key
11
smtpd_tls_cert_file = {{ cert_dir }}/{{ cert_base_name }}.crt
12
smtpd_tls_dh1024_param_file = {{ cert_dir }}/{{ cert_base_name }}.dh
13
smtpd_tls_loglevel = 1
14
smtpd_tls_received_header = yes
15
smtpd_tls_security_level = may
16
smtpd_tls_auth_only = yes
17
# (client)
18
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
19
smtp_tls_ciphers = medium
20
smtp_tls_mandatory_ciphers = high
21
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
22
smtp_tls_key_file = {{ cert_dir }}/{{ cert_base_name }}.key
23
smtp_tls_cert_file = {{ cert_dir }}/{{ cert_base_name }}.crt
24
smtp_tls_loglevel = 1
25
smtp_tls_security_level = dane
26
smtp_tls_note_starttls_offer = yes
27
smtp_tls_policy_maps = hash:$config_directory/tls_policy_maps