haraka-wildduck

production/haraka-wildduck/haraka/config/tls.ini

@@ -0,0 +1,34 @@
+; See 'haraka -h tls'
+
+key=/secure/privkey.pem
+cert=/secure/fullchain.pem
+; dhparam=dhparams.pem
+
+; ciphers: a list of permitted ciphers
+; The default cipher list is provided by node.js and is considered secure at
+; the time of that versions release. If you have problems with the default cipher
+; list, try enabling this "kinda high but more compatible" setting.
+ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
+
+; honorCipherOrder=false
+; rejectUnauthorized=false
+; requestCert=true
+; requestOCSP=false
+
+
+[redis]
+; options in this block require redis to be enabled in config/plugins.
+
+; remember when a remote fails STARTTLS. The next time they connect,
+;     don't offer STARTTLS option (so message gets delivered).
+;     pro: increases mail reliability
+;     con: reduces security
+; default: false
+; disable_for_failed_hosts=true
+
+
+; no_tls_hosts - disable TLS for servers with broken TLS.
+[no_tls_hosts]
+; 127.0.0.1
+; 192.168.1.1
+; 172.16.0.0/16