1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-03 00:07:05 +00:00

tighten the cipher list

This commit is contained in:
downtownallday 2022-09-07 16:17:22 -04:00
parent 20646e43f8
commit 2461e9a36c

View File

@ -436,8 +436,10 @@ olcTLSCertificateKeyFile: $STORAGE_ROOT/ssl/ssl_private_key.pem
replace: olcTLSDHParamFile
olcTLSDHParamFile: $STORAGE_ROOT/ssl/dh2048.pem
-
# TLS ciphers. To see expanded corresponding cipher suites run:
# gnutls-cli --priority PFS:-VERS-TLS1.0:-VERS-TLS1.1 -l
replace: olcTLSCipherSuite
olcTLSCipherSuite: PFS
olcTLSCipherSuite: PFS:-VERS-TLS1.0:-VERS-TLS1.1
-
replace: olcTLSVerifyClient
olcTLSVerifyClient: never