self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-07-05 00:49:29 +02:00
Code Issues Releases Activity

Ensure we also pin ISRG X2 in TLSA

Browse Source
This commit is contained in:
Florent Daigniere
2024-03-11 10:21:54 +01:00
parent d76e543b2d
commit 7089cfea48
4 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
core/admin/mailu/models.py
View File

@ -281,9 +281,14 @@ class Domain(Base):
def dns_tlsa(self):
""" return TLSA record for domain when using letsencrypt """
hostname = app.config['HOSTNAME']
if app.config['TLS_FLAVOR'] in ('letsencrypt', 'mail-letsencrypt'):
# current ISRG Root X1 (RSA 4096, O = Internet Security Research Group, CN = ISRG Root X1) @20210902
return f'_25._tcp.{hostname}. 86400 IN TLSA 2 1 1 0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3'
if True:# app.config['TLS_FLAVOR'] in ('letsencrypt', 'mail-letsencrypt'):
return [
# current ISRG Root X1 (RSA 4096, O = Internet Security Research Group, CN = ISRG Root X1) @20210902
f'_25._tcp.{hostname}. 86400 IN TLSA 2 1 1 0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3',
# current ISRG Root X2 (ECDSA P-384, O = Internet Security Research Group, CN = ISRG Root X2) @20240311
f'_25._tcp.{hostname}. 86400 IN TLSA 2 1 1 762195c225586ee6c0237456e2107dc54f1efc21f61a792ebd515913cce68332',
]
return []
@property
def dkim_key(self):