From b64582b456c7ada5f23e9640492448e82ccb724d Mon Sep 17 00:00:00 2001
From: Dmytro Makovey <dmakovey@stanford.edu>
Date: Wed, 27 Sep 2017 07:28:39 -0700
Subject: [PATCH] retracting dovecot cipher settings

---
 dovecot/conf/dovecot.conf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/dovecot/conf/dovecot.conf b/dovecot/conf/dovecot.conf
index 3260393a..faa41bf7 100644
--- a/dovecot/conf/dovecot.conf
+++ b/dovecot/conf/dovecot.conf
@@ -65,8 +65,7 @@ ssl_dh_parameters_length = 2048
 # TLS hardening is based on the following documentation:
 # https://bettercrypto.org/static/applied-crypto-hardening.pdf
 ssl_protocols=!SSLv3 !SSLv2
-# ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
-ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
+ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
 ssl_prefer_server_ciphers = yes
 ssl_options = no_compression