From: Herman Rimm
To: 69858@debbugs.gnu.org
Subject: [bug#69858] [PATCH 1/2] services: dovecot: Prefer server ciphers by default.
Date: Sun, 17 Mar 2024 16:34:33 +0100
Message-ID: <20240317153440.27064-1-herman@rimm.ee>

* gnu/services/mail.scm (dovecot-configuration): Add 'ssl-prefer-server-ciphers?' field.
* doc/guix.texi (Mail Services)[Dovecot Service]: Describe field.

Change-Id: I1ea7c53466ebc3b01082938b5d9dee47c683017d
--- doc/guix.texi | 5 +++++ gnu/services/mail.scm | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index eca1cb3712..b58ed90b2f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -26989,6 +26989,11 @@ Time to delay before replying to failed authentications. Defaults to @samp{"2 secs"}. @end deftypevr +@deftypevr {@code{dovecot-configuration} parameter} boolean auth-ssl-prefer-server-ciphers? +Prefer a server's allowed cipher list over own cipher list. +Defaults to @samp{#t}. +@end deftypevr + @deftypevr {@code{dovecot-configuration} parameter} boolean auth-ssl-require-client-cert? Require a valid SSL client certificate or the authentication fails. diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index afe1bb6016..cd3f961094 100644 --- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2020 Jonathan Brielmaier ;;; Copyright © 2023 Thomas Ieong ;;; Copyright © 2023 Saku Laesvuori +;;; Copyright © 2024 Herman Rimm ;;; ;;; This file is part of GNU Guix. ;;; @@ -1261,9 +1262,15 @@ (define-configuration dovecot-configuration intend to use @samp{ssl-verify-client-cert? #t}. The file should contain the CA certificate(s) followed by the matching CRL(s). (e.g. @samp{ssl-ca
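Review bot: the new @deftypevr in the doc/guix.texi hunk names the parameter auth-ssl-prefer-server-ciphers?, but the commit message says the field added to dovecot-configuration is 'ssl-prefer-server-ciphers?'. Only one of the two names can match the field, so the manual entry should be renamed to the field's actual name and, since it is not an auth- setting, moved next to the other ssl- parameters instead of sitting between the authentication failure delay and auth-ssl-require-client-cert?. The description "Prefer a server's allowed cipher list over own cipher list." also reads backwards for a service that is itself the TLS server; wording such as "Prefer the server's cipher order over the client's during TLS negotiation." would say who wins. Since the subject line makes #t a new default, the entry should state that this is the Guix default so administrators who rely on client-side ordering know to set it to #f.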