commit 4c41b977fcb66b78a1f83f65984a28cc2018941c Author: Arkadiusz MiĆkiewicz <ar...@maven.pl> Date: Thu Dec 8 13:48:32 2016 +0100
- sane ssl defaults example exim4.conf | 4 ++++ 1 file changed, 4 insertions(+) --- diff --git a/exim4.conf b/exim4.conf index 13ae32d..5a5f2bf 100644 --- a/exim4.conf +++ b/exim4.conf @@ -166,6 +166,10 @@ tls_advertise_hosts = # daemon_smtp_ports = 25 : 465 : 587 # tls_on_connect_ports = 465 +# sane defaults +# https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 +# tls_require_ciphers = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS +# openssl_options = +no_sslv2 +no_sslv3 +no_compression # Specify the domain you want to be added to all unqualified addresses # here. An unqualified address is one that does not contain an "@" character ================================================================ ---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/exim.git/commitdiff/4c41b977fcb66b78a1f83f65984a28cc2018941c _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit