From 343995613bd8968de4a660d6976e52882f946996 Mon Sep 17 00:00:00 2001
From: phil <phil@systemausfall.org>
Date: Thu, 27 Jun 2024 01:09:15 +0200
Subject: [PATCH] Update cipherlist
 https://ssl-config.mozilla.org/#server=postfix&version=3.7.10&config=intermediate&openssl=1.1.1n&guideline=5.7

---
 templates/postfix/main.cf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/postfix/main.cf.j2 b/templates/postfix/main.cf.j2
index 5814751..b3cbafe 100644
--- a/templates/postfix/main.cf.j2
+++ b/templates/postfix/main.cf.j2
@@ -30,7 +30,7 @@ mynetworks = {{ postfix_mynetworks | join(', ') }}
 ### TLS settings
 tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION
 tls_preempt_cipherlist = no
-tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA
+tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
 tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
 
 ### TLS settings for SMTP server