Home Explore Help
Sign In
mirrors
/
mailcow-dockerized
mirror of https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Change ciphers

andryyy 8 years ago
parent
621235d8da
commit
86a8dc195e
3 changed files with 12 additions and 6 deletions
Split View Show Diff Stats
  1. 3 1
      data/conf/dovecot/dovecot.conf
  2. 2 2
      data/conf/nginx/site.conf
  3. 7 3
      data/conf/postfix/main.cf

+ 3 - 1
data/conf/dovecot/dovecot.conf
View File 

@@ -13,7 +13,9 @@ mail_location = maildir:~/
 
 mail_plugins = quota acl zlib antispam
 
 auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
 
 ssl_protocols = !SSLv3 !SSLv2
 
-ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
 
+ssl_prefer_server_ciphers = yes
 
+ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
 
+ssl_options = no_compression
 
 # Automatically regenerates every week
 
 ssl_dh_parameters_length = 2048
 
 log_timestamp = "%Y-%m-%d %H:%M:%S "

+ 2 - 2
data/conf/nginx/site.conf
View File 

@@ -5,9 +5,9 @@ server {
 
   ssl_certificate_key /etc/ssl/mail/key.pem;
 
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
   ssl_prefer_server_ciphers on;
 
-  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
 
+  ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
 
+  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 
   ssl_ecdh_curve secp384r1;
 
-  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 
   index index.php index.html;
 
   server_name _ autodiscover.* autoconfig.*;
 
   error_log  /var/log/nginx/error.log;

+ 7 - 3
data/conf/postfix/main.cf
View File 

@@ -69,12 +69,16 @@ smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
 
 smtpd_tls_eecdh_grade = strong
 
 smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL
 
 smtpd_tls_loglevel = 1
 
-smtpd_tls_mandatory_ciphers = high
 
-smtpd_tls_mandatory_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL
 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
 
+smtp_tls_protocols = !SSLv2, !SSLv3
 
+lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
 
+lmtp_tls_protocols = !SSLv2, !SSLv3
 
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 
 smtpd_tls_protocols = !SSLv2, !SSLv3
 
+smtpd_tls_mandatory_ciphers = high
 
 smtpd_tls_security_level = may
 
-tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
 
+tls_ssl_options = NO_COMPRESSION
 
+tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
 
 virtual_alias_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_catchall_maps.cf
 
 virtual_gid_maps = static:5000
 
 virtual_mailbox_base = /var/vmail/