Files @ 004a2ec1b5a9
Branch filter:

Location: majic-ansible-roles/roles/mail_server/defaults/main.yml

004a2ec1b5a9 775 B text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-230: Add support for TLSv1.3 to the mail_server role:

- Tests/support for older versions have already been dropped
previously.
- Document the specifics of TLSv1.3 cipher configuration.
- Update tests. The DH param test is now applicable only for the
mandatory parameter test servers.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
---

enable_backup: false
mail_user: vmail
imap_folder_separator: "/"
smtp_rbl: []
mail_postmaster: "postmaster@{{ ansible_domain }}"
smtp_allow_relay_from: []
local_mail_aliases: {}
imap_max_user_connections_per_ip: 10
mail_server_minimum_tls_protocol: "TLSv1.2"

# TLS_* ciphers are mandated by the TLSv1.3-related standards and
# cannot be disabled when TLSv1.3 is enabled on the server.
mail_server_tls_ciphers: "\
DHE-RSA-AES128-GCM-SHA256:\
DHE-RSA-AES256-GCM-SHA384:\
DHE-RSA-CHACHA20-POLY1305:\
ECDHE-RSA-AES128-GCM-SHA256:\
ECDHE-RSA-AES256-GCM-SHA384:\
ECDHE-RSA-CHACHA20-POLY1305:\
TLS_AES_128_GCM_SHA256:\
TLS_AES_256_GCM_SHA384:\
TLS_CHACHA20_POLY1305_SHA256:\
!aNULL:!MD5:!EXPORT"
mail_message_size_limit: 10240000
mail_server_smtp_additional_configuration: ""
This site is powered by Kallithea 0.7.99, which is © 2010–2024 by various authors & licensed under GPLv3.