recommend IKE DH groups
[ach-master.git] / src / practical_settings / mailserver.tex
index 7e281c2..7f5472b 100644 (file)
@@ -12,7 +12,7 @@ This section documents the most common mail (SMTP) and IMAPs/POPs servers. Anoth
 % Example: http://dovecot.org/list/dovecot/2013-October/092999.html
 
 \begin{lstlisting}[breaklines]
-  ssl_cipher_list = 'EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256:EECDH:EDH+aRSA:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!AES128:!CAMELLIA128:!ECDSA:AES256-SHA'
+  ssl_cipher_list = '@@@CIPHERSTRINGB@@@'
   ssl_prefer_server_ciphers = yes
 \end{lstlisting}
 
@@ -222,7 +222,7 @@ acceptable for the ``mandatory'' security level, again in
 \begin{lstlisting}[breaklines]
   smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
   smtpd_tls_mandatory_ciphers=high
-  tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
+  tls_high_cipherlist=@@@CIPHERSTRINGB@@@
 \end{lstlisting}
 
 Then, we configure the MSA smtpd in \verb|master.cf| with two