7 |
$proto .= ' !SSLv3' unless ($dovecot{'SSLv3'} || 'disabled') eq 'enabled'; |
$proto .= ' !SSLv3' unless ($dovecot{'SSLv3'} || 'disabled') eq 'enabled'; |
8 |
-$proto .= ' !TLSv1' unless ($dovecot{'TLSv1'} || 'enabled') eq 'enabled'; |
-$proto .= ' !TLSv1' unless ($dovecot{'TLSv1'} || 'enabled') eq 'enabled'; |
9 |
+$proto .= ' !TLSv1' unless ($dovecot{'TLSv1'} || 'disabled') eq 'enabled'; |
+$proto .= ' !TLSv1' unless ($dovecot{'TLSv1'} || 'disabled') eq 'enabled'; |
10 |
+$proto .= ' !TLSv1.1' unless ($dovecot{'TLSv11'} || 'disabled') eq 'enabled'; |
+$proto .= ' !TLSv1.1' unless ($dovecot{'TLSv1.1'} || 'disabled') eq 'enabled'; |
11 |
+$proto .= ' !TLSv1.2' unless ($dovecot{'TLSv12'} || 'disabled') eq 'enabled'; |
+$proto .= ' !TLSv1.2' unless ($dovecot{'TLSv1.2'} || 'enabled') eq 'enabled'; |
12 |
|
|
13 |
-$OUT .= "ssl_protocols =$proto\n" if ($proto ne ''); |
-$OUT .= "ssl_protocols =$proto\n" if ($proto ne ''); |
14 |
-$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n"; |
-$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n"; |
15 |
+my $dh = $dovecot{'dh'} || '4096'; |
+my $dh = $dovecot{'dh'} || '4096'; |
16 |
+$OUT .= "ssl_dh_parameters_length = $dh\n"; |
+$OUT .= "ssl_dh_parameters_length = $dh\n"; |
17 |
+$OUT .= "ssl_protocols = $proto\n" if ($proto ne ''); |
+$OUT .= "ssl_protocols = $proto\n" if ($proto ne ''); |
18 |
+$OUT .= "ssl_prefer_server_ciphers = yes\n" |
+$OUT .= "ssl_prefer_server_ciphers = yes\n"; |
19 |
+$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n"; |
+$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n"; |
20 |
|
|
21 |
} |
} |