
communication

  • Hinrikus Wolf authored
    Buster Compat and Improved TLS Settings
    
    Dovecot updated some TLS parameters in their config file. This adds the new parameters in a backward compatible manner.
    
    Prompted by that move, I also changed dovecot and postfix to a preset-based configuration of TLS. The default preset is `previous`, which should get you an equivalent configuration as before, regardless of being on stretch or buster (minus OpenSSL changes). Also, there are presets `modern`, `intermediate`, `old` directly from the new <https://ssl-config.mozilla.org>. But beware, at least dovecot currently errors on TLSv1.3-only `modern` although OpenSSL should be able to handle it. The preset **overrides** all manual configuration, so you should upgrade your custom variables.
    
    Beware that there are two **open bugs** on Debian's dovecot package which may impact your setup:
    - [928492: doveadm errors on listing PAM users, because of a glibc change](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928492)
    - [930919: dsync no longer syncs Sieve scripts](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930919)
    
    For both bugs there is a patch on the dovecot repository that is already merged. But none made it into Debian yet.
    
    See merge request !3
    90090b33