[packages/exim] Update TLS default to current recommendation.

Mon, 20 Dec 2021 06:32:27 -0800 

commit aed900a22959d291855b2f1457bf779e63210c7f
Author: Arkadiusz Miƛkiewicz <[email protected]>
Date:   Mon Dec 20 15:31:15 2021 +0100

    Update TLS default to current recommendation.

 exim4.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/exim4.conf b/exim4.conf
index 7ac4944..1fb49f3 100644
--- a/exim4.conf
+++ b/exim4.conf
@@ -171,9 +171,9 @@ tls_advertise_hosts =
 # tls_on_connect_ports = 465
 
 # sane defaults
-# 
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
-# tls_require_ciphers = 
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
-# openssl_options = +no_sslv2 +no_sslv3 +no_compression
+# 
https://ssl-config.mozilla.org/#server=exim&version=4.93&config=intermediate&openssl=1.1.1k&guideline=5.6
+# tls_require_ciphers = 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+# openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 +no_compression
 
 # Specify the domain you want to be added to all unqualified addresses
 # here. An unqualified address is one that does not contain an "@" character
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/exim.git/commitdiff/aed900a22959d291855b2f1457bf779e63210c7f

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to