Update ssl_cipher_list in Dovecot config file.

2021-09-15 11:06:11 +08:00 · 2021-09-15 11:06:11 +08:00 · 950f295549
parent 7dd5f32038
commit 950f295549
1 changed files with 12 additions and 0 deletions
--- a/en_US/upgrade/0-upgrade.iredmail.1.4.2-1.4.3.md
+++ b/en_US/upgrade/0-upgrade.iredmail.1.4.2-1.4.3.md
@ -79,3 +79,15 @@ ssl_session_cache shared:SSL:10m;
 ```

 Restarting Nginx service is required.
+
+### Dovecot: enable new ssl cipher `EECDH+CHACHA20` and remove the weak one `AES256+EDH`
+
+Please open file `/etc/dovecot/dovecot.conf` (Linux/OpenBSD) or
+`/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), update parameter
+`ssl_cipher_list` to:
+
+```
+ssl_cipher_list = EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH
+```
+
+Restarting Dovecot service is required.