mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2025-08-08 23:06:49 +02:00

fix: Dovecot: ssl config

Signed-off-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Georg Lauterbach
2025-08-02 16:37:37 +02:00
parent a96d459c49
commit 536fd584eb
3 changed files with 8 additions and 8 deletions


@ -9,8 +9,8 @@
# dropping root privileges, so keep the key file unreadable by anyone but root.
# These [snakeoil files actually exist](https://askubuntu.com/questions/396120/what-is-the-purpose-of-the-ssl-cert-snakeoil-key), but shouldn't ever be used in production!
# As `SSL_TYPE` env is required by docker-mailserver, these "snakeoil" files will be replaced on container startup.
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
ssl_server_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_server_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
# Fallback/Hybrid cert support. docker-mailserver will enable these when using ENV vars `SSL_ALT_CERT_PATH` and `SSL_ALT_KEY_PATH`.
#ssl_alt_cert = </path/to/alternative/cert.pem
#ssl_alt_key = </path/to/alternative/key.pem
@ -48,7 +48,7 @@ ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
# SSL DH parameters
# Since v2.3.3+ Diffie-Hellman parameters have been made optional, and you are encouraged to disable non-ECC DH algorithms completely.
# `docker-mailserver` is configured to use the recommended pre-defined 4096-bit DHE Group at https://github.com/internetstandards/dhe_groups
ssl_dh = </etc/dovecot/dh.pem
ssl_server_dh_file = /etc/dovecot/dh.pem
# Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
# TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
@ -57,8 +57,8 @@ ssl_min_protocol = TLSv1.2
# SSL ciphers to use
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
# Prefer the server's order of ciphers over client's.
ssl_prefer_server_ciphers = yes
# ref: https://doc.dovecot.org/main/core/summaries/settings.html#ssl_server_prefer_ciphers
ssl_server_prefer_ciphers = server
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =
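Review bot: The commented-out fallback lines in the first hunk, `#ssl_alt_cert = </path/to/alternative/cert.pem` and `#ssl_alt_key = </path/to/alternative/key.pem`, keep the old setting names and the `<` file-read prefix, while the primary cert, key and DH settings around them move to the `ssl_server_*_file` form with plain paths. The comment above them says docker-mailserver enables these lines when `SSL_ALT_CERT_PATH` and `SSL_ALT_KEY_PATH` are set, so a hybrid-certificate setup would presumably activate names that the new Dovecot no longer recognises, and TLS for IMAP/POP3 could fail at startup. I would rename them to `#ssl_server_alt_cert_file = /path/to/alternative/cert.pem` and `#ssl_server_alt_key_file = /path/to/alternative/key.pem`. The startup code that uncomments and rewrites these lines, and the code that swaps out the snakeoil paths, is not visible in this section, so confirm that its match patterns follow the renamed keys and the dropped `<`.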