
Generate 2048 DH group and add it to Postfix

Sven Neuhaus 9 years ago
parent
commit
20bd80c599
2 changed files with 5 additions and 1 deletions
  1. 4
    0
      roles/common/tasks/ssl.yml
  2. 1
    1
      roles/mailserver/templates/etc_postfix_main.cf.j2

+ 4
- 0
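--- a/roles/common/tasks/ssl.yml
+++ b/roles/common/tasks/ssl.yml
@@ -14,6 +14,10 @@
 - name: Set permissions on combined public cert
   file: name=/etc/ssl/certs/wildcard_combined.pem mode=644
 
+- name: Create strong Diffie-Hellman group
+  command: openssl dhparam -out /etc/ssl/private/dhparam2048.pem 2048
+    creates=/etc/ssl/private/dhparam2048.pem
+
 - name: Enable Apache SSL module
   command: a2enmod ssl creates=/etc/apache2/mods-enabled/ssl.load
 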
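Review bot: The new "Create strong Diffie-Hellman group" task leaves the generated file's owner and mode to the umask and guards only on existence via `creates=`, so nothing confirms that the file is readable by the service that consumes it or that it holds valid parameters. The preceding task sets the mode of the combined cert explicitly; a matching follow-up such as `file: name=/etc/ssl/private/dhparam2048.pem mode=644` would be consistent, and DH parameters are not secret, so a readable mode costs nothing. If an interrupted run ever left an empty or partial file (not confirmed for openssl here), `creates=` would skip regeneration on every later run; a verification task running `openssl dhparam -check -noout -in /etc/ssl/private/dhparam2048.pem` would catch that. This matters because a server that cannot load the file may fall back to its built-in parameters with no more than a log warning, in which case the hardening silently does not apply.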

+ 1
- 1
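--- a/roles/mailserver/templates/etc_postfix_main.cf.j2
+++ b/roles/mailserver/templates/etc_postfix_main.cf.j2
@@ -51,7 +51,7 @@ smtp_tls_note_starttls_offer = yes
 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
 # http://www.postfix.org/FORWARD_SECRECY_README.html
 smtp_tls_ciphers = medium
-
+smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparam2048.pem
 
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth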
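Review bot: The added `smtpd_tls_dh1024_param_file` line points a parameter with "1024" in its name at a 2048-bit file without any comment, which reads like a mistake even though the name is historical and the linked FORWARD_SECRECY_README describes this usage. I would add a comment above it such as `# parameter name is historical; 2048-bit DH parameters are intended here`. The path is hard-coded both here and in roles/common/tasks/ssl.yml, so a shared variable would keep the two from drifting; the mailserver role also now depends on the common role having generated the file first. The line replaces the blank separator directly under the smtp_ (client) settings although it is an smtpd_ (server) setting, so keeping the blank line and placing it with the other smtpd_ options would read more clearly.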
