Files @ c2f446ec7e2a
Branch filter:

Location: majic-ansible-roles/roles/mail_server/defaults/main.yml

c2f446ec7e2a 518 B text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-158: Update default TLS ciphers configuration in the mail_server role:

- Updated the default value for parameter mail_server_tls_ciphers.
- Updated tests, making them explicitly test for enabled and disabled
ciphers.
- Refactored tests for TLS to use nmap ssl-enum-ciphers script for
listing available TLS versions and ciphers.
- Install nmap as part of preparation step.
- Updated role reference documentation.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
---

enable_backup: false
mail_user: vmail
imap_folder_separator: "/"
smtp_rbl: []
mail_postmaster: "postmaster@{{ ansible_domain }}"
smtp_allow_relay_from: []
local_mail_aliases: {}
imap_max_user_connections_per_ip: 10
mail_server_tls_protocols:
  - "TLSv1.2"
mail_server_tls_ciphers: "\
DHE-RSA-AES128-GCM-SHA256:\
DHE-RSA-AES256-GCM-SHA384:\
DHE-RSA-CHACHA20-POLY1305:\
ECDHE-RSA-AES128-GCM-SHA256:\
ECDHE-RSA-AES256-GCM-SHA384:\
ECDHE-RSA-CHACHA20-POLY1305:\
!aNULL:!MD5:!EXPORT"
mail_message_size_limit: 10240000
This site is powered by Kallithea 0.7.0, which is © 2010–2023 by various authors & licensed under GPLv3.