
Generate 2048 DH group and add it to Postfix

Sven Neuhaus 9 years ago
parent
commit
20bd80c599
2 changed files with 5 additions and 1 deletions
  1. 4
    0
      roles/common/tasks/ssl.yml
  2. 1
    1
      roles/mailserver/templates/etc_postfix_main.cf.j2

+ 4
- 0
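--- a/roles/common/tasks/ssl.yml
+++ b/roles/common/tasks/ssl.yml
@@ -14,6 +14,10 @@
 - name: Set permissions on combined public cert
   file: name=/etc/ssl/certs/wildcard_combined.pem mode=644
 
+- name: Create strong Diffie-Hellman group
+  command: openssl dhparam -out /etc/ssl/private/dhparam2048.pem 2048
+    creates=/etc/ssl/private/dhparam2048.pem
+
 - name: Enable Apache SSL module
   command: a2enmod ssl creates=/etc/apache2/mods-enabled/ssl.load
 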
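Review bot: The `creates=` guard on the new "Create strong Diffie-Hellman group" task only tests that /etc/ssl/private/dhparam2048.pem exists, so a play interrupted during the slow `openssl dhparam` run could leave an empty or truncated file that later runs never regenerate. Writing to a temporary name and renaming on success, or adding a follow-up task such as `command: openssl dhparam -check -noout -in /etc/ssl/private/dhparam2048.pem` with `changed_when: false`, would catch that before Postfix is pointed at the file. The task also leaves owner and mode to the umask. DH parameters are not secret, but an explicit `file:` task like the one for wildcard_combined.pem just above would keep the result predictable and readable by the daemons that need it.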

+ 1
- 1
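--- a/roles/mailserver/templates/etc_postfix_main.cf.j2
+++ b/roles/mailserver/templates/etc_postfix_main.cf.j2
@@ -51,7 +51,7 @@
 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
 # http://www.postfix.org/FORWARD_SECRECY_README.html
 smtp_tls_ciphers = medium
-
+smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparam2048.pem
 
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth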
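Review bot: The added `smtpd_tls_dh1024_param_file` line points a parameter named dh1024 at a 2048-bit file with no comment, which will read like a mistake to the next maintainer even though the FORWARD_SECRECY_README linked two lines up describes this usage. I would add `# parameter name is historical; the file holds a 2048-bit group created in roles/common/tasks/ssl.yml` directly above it. The path is also repeated literally in the task file and in this template, so a shared variable would keep the two from drifting apart. If this template is ever rendered on a host where the common role's SSL tasks have not run, Postfix would reference a file that does not exist, so the dependency is worth stating in the role.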
