Merge branch 'ext-2' into 'master'
Buster Compat and Improved TLS Settings Dovecot updated some TLS parameters in their config file. This adds the new parameters in a backward compatible manner. Prompted by that move, I also changed dovecot and postfix to a preset-based configuration of TLS. The default preset is `previous`, that should get you a equivalent configuration as before, regardless of being on stretch or buster (minus OpenSSL changes). Also, there are presets `modern`, `intermediate`, `old` directly from the new <https://ssl-config.mozilla.org>. But beware, at least dovecot currently errors on TLSv1.3-only `modern` although OpenSSL should be able to handle it. The preset **overrides** all manual configuration, so you should upgrade your custom variables. Beware, that there are two **open bugs** on Debian's dovecot package which may impact your setup: - [928492: doveadm errors on listing PAM users, because of a glibc change](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928492) - [930919: dsync no longer syncs Sieve scripts](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930919) For both bugs there is a patch on the dovecot repository that is already merged. But none made it into Debian yet. See merge request !3
dovecot/files/ffdhe2048.txt
0 → 100644
dovecot/files/ffdhe4096.txt
0 → 100644
dovecot/vars/tls-modern.yml
0 → 100644
dovecot/vars/tls-old.yml
0 → 100644
postfix/files/ffdhe2048.txt
0 → 100644
postfix/files/ffdhe4096.txt
0 → 100644
postfix/vars/tls-modern.yml
0 → 100644
postfix/vars/tls-old.yml
0 → 100644
Please register or sign in to comment