Skip to content
Snippets Groups Projects
Commit 90090b33 authored by Hinrikus Wolf's avatar Hinrikus Wolf
Browse files

Merge branch 'ext-2' into 'master'

Buster Compat and Improved TLS Settings

Dovecot updated some TLS parameters in their config file. This adds the new parameters in a backward compatible manner.

Prompted by that move, I also changed dovecot and postfix to a preset-based configuration of TLS. The default preset is `previous`, that should get you a equivalent configuration as before, regardless of being on stretch or buster (minus OpenSSL changes). Also, there are presets `modern`, `intermediate`, `old` directly from the new <https://ssl-config.mozilla.org>. But beware, at least dovecot currently errors on TLSv1.3-only `modern` although OpenSSL should be able to handle it. The preset **overrides** all manual configuration, so you should upgrade your custom variables.

Beware, that there are two **open bugs** on Debian's dovecot package which may impact your setup:
- [928492: doveadm errors on listing PAM users, because of a glibc change](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928492)
- [930919: dsync no longer syncs Sieve scripts](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930919)

For both bugs there is a patch on the dovecot repository that is already merged. But none made it into Debian yet.

See merge request !3
parents 28987fab 7c3b8ad9
No related branches found
No related tags found
1 merge request!3Buster Compat and Improved TLS Settings
Showing
with 204 additions and 12 deletions
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment