eras 14/12/08 08:14:44 Modified: dovecot-10-ssl.patch Log: Change cipher list recommendation (Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key 0x77F1F175586A3B1F)
Revision Changes Path 1.2 net-mail/dovecot/files/dovecot-10-ssl.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/dovecot/files/dovecot-10-ssl.patch?rev=1.2&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/dovecot/files/dovecot-10-ssl.patch?rev=1.2&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/dovecot/files/dovecot-10-ssl.patch?r1=1.1&r2=1.2 Index: dovecot-10-ssl.patch =================================================================== RCS file: /var/cvsroot/gentoo-x86/net-mail/dovecot/files/dovecot-10-ssl.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- dovecot-10-ssl.patch 12 May 2014 15:27:43 -0000 1.1 +++ dovecot-10-ssl.patch 8 Dec 2014 08:14:44 -0000 1.2 @@ -1,19 +1,15 @@ -# bug 508552 ---- doc/example-config/conf.d/10-ssl.conf 2013-11-24 13:37:39.000000000 +0000 -+++ doc/example-config/conf.d/10-ssl.conf 2014-05-12 14:42:26.000000000 +0000 -@@ -51,6 +51,15 @@ +--- doc/example-config/conf.d/10-ssl.conf 2014-12-08 07:58:21.000000000 +0000 ++++ doc/example-config/conf.d/10-ssl.conf 2014-12-08 08:02:19.000000000 +0000 +@@ -49,6 +49,12 @@ + #ssl_protocols = !SSLv2 + # SSL ciphers to use ++# ############### ++# Added by Gentoo ++# You are encouraged to change the cipher list to ++#ssl_cipher_list = DEFAULT:!EXPORT:!LOW:!MEDIUM:!MD5 ++# if you are not required to support legacy mail clients. ++# ############### #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL -+# ########################################## -+# You are strongly encouraged to change the above two settings to -+# -+#ssl_protocols = !SSLv2 !SSLv3 -+#ssl_cipher_list = ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:+RC4:@STRENGTH -+# -+# if you are not required to support legacy mail clients. -+# ########################################## -+ # Prefer the server's order of ciphers over client's. - #ssl_prefer_server_ciphers = no -