Changeset - 2e340af74a96
Branko Majic (branko) - 4 years ago 2020-05-19 19:58:36
branko@majic.rs
MAR-153: Updated role reference documentation and release notes:

- Marks the change as breaking because it could mean older
clients/servers cannot interoperate with the Majic Ansible Roles TLS
services any longer.
2 files changed with 32 insertions and 0 deletions:
docs/releasenotes.rst
 
@@ -20,6 +20,30 @@ Breaking changes:
 

	
 
  * Support for Debian 8 Jessie has been dropped.
 

	
 
* ``mail_forwarder`` role
 

	
 
  * Use 2048-bit Diffie-Hellman parameters for relevant TLS
 
    ciphers. This could introduce incompatibility with older
 
    clients/servers trying to connect to the SMTP server.
 

	
 
* ``mail_server`` role
 

	
 
  * Use 2048-bit Diffie-Hellman parameters for relevant TLS
 
    ciphers. This could introduce incompatibility with older
 
    clients/servers trying to connect to the SMTP/IMAP server.
 

	
 
* ``web_server`` role
 

	
 
  * Use 2048-bit Diffie-Hellman parameters for relevant TLS
 
    ciphers. This could introduce incompatibility with older clients
 
    trying to connect to the web server.
 

	
 
* ``xmpp_server`` role
 

	
 
  * Use 2048-bit Diffie-Hellman parameters for relevant TLS
 
    ciphers. This could introduce incompatibility with older
 
    clients/servers trying to connect to the XMPP server.
 

	
 
Bug fixes:
 

	
 
* ``common`` role
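Review bot: The four new entries under "Breaking changes" (``mail_forwarder``, ``mail_server``, ``web_server``, ``xmpp_server``) state the new 2048-bit Diffie-Hellman parameter size but not the size used before, so an operator reading only the release notes cannot judge which peers are at risk or what to test before upgrading. Consider stating the previous size and naming the symptom to look for (a failed TLS handshake with peers that cannot handle 2048-bit DH parameters). The role reference hunks in this changeset qualify the setting with "for incoming connections"; carrying the same qualifier here would keep the two documents aligned.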
docs/rolereference.rst
 
@@ -851,6 +851,8 @@ Prosody is configured as follows:
 
* Self-registration is not allowed.
 
* TLS is configured. Legacy TLS is available on port 5223.
 
* Client-to-server communication requires encryption (TLS).
 
* Uses 2048-bit Diffie-Hellman parameters for relevant TLS ciphers for
 
  incoming connections.
 
* Authentication is done via LDAP. For setting the LDAP TLS truststore, see
 
  :ref:`LDAP Client <ldap_client>`.
 
* Internal storage is used.
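Review bot: The scope of "incoming connections" in the new Prosody bullet is ambiguous, because the surrounding bullets mention client-to-server communication and legacy TLS on port 5223, while the release notes entry for ``xmpp_server`` speaks of "clients/servers trying to connect to the XMPP server". Suggest spelling out which listeners the parameters apply to (client-to-server, server-to-server, legacy TLS on port 5223) so the reference matches the breaking-change note.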
 
@@ -1014,6 +1016,8 @@ Deployed services are configured as follows:
 
* Mail is stored in directory ``/var/MAIL_USER/DOMAIN/USER``, using ``Maildir``
 
  format.
 
* TLS is required for user log-ins for both SMTP and IMAP.
 
* Uses 2048-bit Diffie-Hellman parameters for relevant TLS ciphers for
 
  incoming connections.
 
* For user submission (SMTP), users must connect and authenticate over TCP
 
  port 587.
 
* Configures TLS versions and ciphers supported by Dovecot.
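Review bot: The new bullet does not say which deployed service it applies to, although the neighbouring bullets are specific ("for both SMTP and IMAP", "supported by Dovecot") and the release notes entry for ``mail_server`` names "the SMTP/IMAP server". Suggest naming both services in the bullet, and consider moving it next to "Configures TLS versions and ciphers supported by Dovecot." so the TLS hardening items read together rather than being split by the submission-port bullet.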
 
@@ -1253,6 +1257,8 @@ Postfix is configured as follows:
 
* TLS is enforced for relaying mails, with configurable truststore for server
 
  certificate verification if SMTP relay is used. If SMTP relay is not used
 
  (configured), no certificate verification is done.
 
* Uses 2048-bit Diffie-Hellman parameters for relevant TLS ciphers for
 
  incoming connections.
 

	
 

	
 
Role dependencies
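Review bot: The new bullet follows directly after the one on TLS for relaying mails, which describes outgoing connections, while the addition is limited to incoming connections. A reader can easily take the two as one setting. Suggest one extra clause stating that the Diffie-Hellman parameters only matter when Postfix acts as the TLS server, and that relaying through an SMTP relay is not affected by this change, if that is the case.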
 
@@ -1338,6 +1344,8 @@ The role implements the following:
 
  index page.
 
* Deploys the HTTPS TLS private key and certificate (for default vhost).
 
* Configures TLS versions and ciphers supported by Nginx.
 
* Uses 2048-bit Diffie-Hellman parameters for relevant TLS ciphers for
 
  incoming connections.
 
* Configures firewall to allow incoming connections to the web server.
 
* Installs and configures virtualenv and virtualenvwrapper as a common base for
 
  Python apps.
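Review bot: "Relevant TLS ciphers" in the new bullet is vague, and the same wording is repeated in every hunk of this changeset. Since the bullet sits right after "Configures TLS versions and ciphers supported by Nginx.", it would help to say which ciphers are meant (those using ephemeral Diffie-Hellman key exchange), so that an operator who overrides the cipher list knows whether the 2048-bit parameters still come into play.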