/[smeserver]/rpms/smeserver-dovecot/sme10/smeserver-dovecot-1.6.0-bz10934-Ciphers-and-TLS.patch
ViewVC logotype

Diff of /rpms/smeserver-dovecot/sme10/smeserver-dovecot-1.6.0-bz10934-Ciphers-and-TLS.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

Revision 1.2 by jpp, Sat May 2 21:20:09 2020 UTC Revision 1.4 by jpp, Tue May 5 02:09:38 2020 UTC
# Line 7  diff -Nur smeserver-dovecot-1.6.0.old/ro Line 7  diff -Nur smeserver-dovecot-1.6.0.old/ro
7   $proto .= ' !SSLv3' unless ($dovecot{'SSLv3'} || 'disabled') eq 'enabled';   $proto .= ' !SSLv3' unless ($dovecot{'SSLv3'} || 'disabled') eq 'enabled';
8  -$proto .= ' !TLSv1' unless ($dovecot{'TLSv1'} || 'enabled') eq 'enabled';  -$proto .= ' !TLSv1' unless ($dovecot{'TLSv1'} || 'enabled') eq 'enabled';
9  +$proto .= ' !TLSv1' unless ($dovecot{'TLSv1'} || 'disabled') eq 'enabled';  +$proto .= ' !TLSv1' unless ($dovecot{'TLSv1'} || 'disabled') eq 'enabled';
10  +$proto .= ' !TLSv1.1' unless ($dovecot{'TLSv11'} || 'disabled') eq 'enabled';  +$proto .= ' !TLSv1.1' unless ($dovecot{'TLSv1.1'} || 'disabled') eq 'enabled';
11  +$proto .= ' !TLSv1.2' unless ($dovecot{'TLSv12'} || 'disabled') eq 'enabled';  +$proto .= ' !TLSv1.2' unless ($dovecot{'TLSv1.2'} || 'enabled') eq 'enabled';
12    
13  -$OUT .= "ssl_protocols =$proto\n" if ($proto ne '');  -$OUT .= "ssl_protocols =$proto\n" if ($proto ne '');
14  -$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n";  -$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n";
15  +my $dh = $dovecot{'dh'} || '4096';  +my $dh = $dovecot{'dh'} || '4096';
16  +$OUT .= "ssl_dh_parameters_length = $dh\n";  +$OUT .= "ssl_dh_parameters_length = $dh\n";
17  +$OUT .= "ssl_protocols = $proto\n" if ($proto ne '');  +$OUT .= "ssl_protocols = $proto\n" if ($proto ne '');
18  +$OUT .= "ssl_prefer_server_ciphers = yes\n"  +$OUT .= "ssl_prefer_server_ciphers = yes\n";
19  +$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n";  +$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n";
20    
21   }   }


Legend:
Removed lines/characters  
Changed lines/characters
  Added lines/characters

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed