35 líneas
1.3 KiB
INI
35 líneas
1.3 KiB
INI
; See 'haraka -h tls'
|
|
|
|
key=/secure/privkey.pem
|
|
cert=/secure/fullchain.pem
|
|
; dhparam=dhparams.pem
|
|
|
|
; ciphers: a list of permitted ciphers
|
|
; The default cipher list is provided by node.js and is considered secure at
|
|
; the time of that versions release. If you have problems with the default cipher
|
|
; list, try enabling this "kinda high but more compatible" setting.
|
|
ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
|
|
|
|
; honorCipherOrder=false
|
|
; rejectUnauthorized=false
|
|
; requestCert=true
|
|
; requestOCSP=false
|
|
|
|
|
|
[redis]
|
|
; options in this block require redis to be enabled in config/plugins.
|
|
|
|
; remember when a remote fails STARTTLS. The next time they connect,
|
|
; don't offer STARTTLS option (so message gets delivered).
|
|
; pro: increases mail reliability
|
|
; con: reduces security
|
|
; default: false
|
|
; disable_for_failed_hosts=true
|
|
|
|
|
|
; no_tls_hosts - disable TLS for servers with broken TLS.
|
|
[no_tls_hosts]
|
|
127.0.0.1
|
|
; 192.168.1.1
|
|
; 172.16.0.0/16
|