mirror of https://dev.ccchb.de/ccchb/ansible.git
Stricter TLS ciphersuites for Postfix (SMTP)
This commit is contained in:
parent
7784501da5
commit
a4f5536f12
|
@ -353,6 +353,14 @@ postfix_config:
|
||||||
value: 'aNULL'
|
value: 'aNULL'
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: smtpd_tls_mandatory_protocols
|
||||||
|
value: 'TLSv1.2 TLSv1.3'
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: smtpd_tls_protocols
|
||||||
|
value: 'TLSv1.2 TLSv1.3'
|
||||||
|
state: present
|
||||||
|
|
||||||
- name: smtpd_tls_received_header
|
- name: smtpd_tls_received_header
|
||||||
value: 'yes'
|
value: 'yes'
|
||||||
state: present
|
state: present
|
||||||
|
@ -370,7 +378,8 @@ postfix_config:
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: tls_high_cipherlist
|
- name: tls_high_cipherlist
|
||||||
value: 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
|
value: |-
|
||||||
|
'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: tls_ssl_options
|
- name: tls_ssl_options
|
||||||
|
|
Loading…
Reference in New Issue