From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id wGB4INgN92VuVQEA62LTzQ:P1 (envelope-from ) for ; Sun, 17 Mar 2024 16:35:52 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id wGB4INgN92VuVQEA62LTzQ (envelope-from ) for ; Sun, 17 Mar 2024 16:35:52 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=rimm.ee header.s=herman header.b=EKvv52jp; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1710689752; a=rsa-sha256; cv=none; b=NTyASsT/0BC/N7wDaX3Ooir0p5Pbt3RcP7ROrjVww8U1UT5BGG+7pHxorM2K6I9sFNBRAG HTt0+N4yEjOk1bb3Px5mf1dnVGoeTX2MTmQn2pOMt5VliV49st+K7ZeSiGwmT9MjZROPBJ f+2WON5Z2SYpRW/WY72rJAJPCeNfHndA/gPR0BJOKbNBsMiPd1Dd6nfs+O96imfw23pi3v cYVlcw+Z6cmiu2TAyRXvbtfdckGWXW0iYzjs6lswdwuJa/GnVMBEpi3j8SeRS/lVj9cqfL MOF8AIBJ9LPFAtWuutKSTvXhrsbQXQhItWVswBIdiOxTP3TthuseEDZ7wJWt7w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=rimm.ee header.s=herman header.b=EKvv52jp; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1710689752; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=LmFeYROy32V692aD3Y9rzLlF8ZdE4Vk1x2dHESgFsRQ=; b=X7F84Or3Zbdjh86OlwwiNN0lUhFJniDsgNComME5rrtC9ZC9nASex7l9cCsmBzo6V2FLvo 1p+JUP3wov7c8T+X/h6dCergIX1gYVvBPlY8zmXypiL8+16FzPOX6Pm1hDoX/KQKq0jtPh L7SASAzMqv0m5WGnVWKkiD5kFmdkjQHtrGQTGDQbYexyndiTHAQDUKU/eVe8pfSxuw+5YM zhNHmpyd6ftIi/IK6dxD6bdcHu9rm/Lu0FQYnw+/4qaKveAtWi1yD+0Ttma9ZbW/XeKJn6 2XptzR0eD7scOsmJfXmH3BjuO8Sw2kc1Kt8oqBsj0ristNNf5WrVn5qxpBAEIw== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 2C49568188 for ; Sun, 17 Mar 2024 16:35:52 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rlsXt-00019t-8f; Sun, 17 Mar 2024 11:35:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rlsXk-00017b-JH for guix-patches@gnu.org; Sun, 17 Mar 2024 11:35:25 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rlsXk-0002q6-Ah for guix-patches@gnu.org; Sun, 17 Mar 2024 11:35:24 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rlsYL-00039P-Rt for guix-patches@gnu.org; Sun, 17 Mar 2024 11:36:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#69858] [PATCH 1/2] services: dovecot: Prefer server ciphers by default. Resent-From: Herman Rimm Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 17 Mar 2024 15:36:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 69858 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 69858@debbugs.gnu.org Cc: Herman Rimm X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.171068975812099 (code B ref -1); Sun, 17 Mar 2024 15:36:01 +0000 Received: (at submit) by debbugs.gnu.org; 17 Mar 2024 15:35:58 +0000 Received: from localhost ([127.0.0.1]:58764 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rlsYH-000395-HO for submit@debbugs.gnu.org; Sun, 17 Mar 2024 11:35:57 -0400 Received: from lists.gnu.org ([209.51.188.17]:42558) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rlsYF-00038x-B5 for submit@debbugs.gnu.org; Sun, 17 Mar 2024 11:35:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rlsXd-000175-A4 for guix-patches@gnu.org; Sun, 17 Mar 2024 11:35:17 -0400 Received: from 81-205-150-117.fixed.kpn.net ([81.205.150.117] helo=email.rimm.ee) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1rlsXb-0002lw-DH for guix-patches@gnu.org; Sun, 17 Mar 2024 11:35:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rimm.ee; s=herman; t=1710689708; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LmFeYROy32V692aD3Y9rzLlF8ZdE4Vk1x2dHESgFsRQ=; b=EKvv52jpVsZfWpaN5db88FP3LA9c5dGACKSpKsOOZlfU/0cPf8hCMJkZ66YJ/iHc49xmYw SBlIzeeEyGp0HFMRNg7jJE5q/J51miJMLjqCoyvDpB7/FXuXPboM1O7Vaw61+cxBOUYO1t um1WZHs5SWUJX/eaCgUlEJi9KU7IbHXr8TEiD/pbYzVtHfumtr2hztHLTPZs4MS0cmYRAQ KNuKaTwoRqZsYgrcBQ3G4zf6NYWb8LQuRx31jh5PT+iZCy1C5bWliINyqxItlG2jTcV/mM 1F4KtXMeCSsCldoDvMQAuVxe/l3785xDnaJwxLwcTl5bsRC7bzaev0lgldQiCg== Received: by 81-205-150-117.fixed.kpn.net (OpenSMTPD) with ESMTPSA id 954ac515 (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO); Sun, 17 Mar 2024 15:35:08 +0000 (UTC) Date: Sun, 17 Mar 2024 16:34:33 +0100 Message-ID: <20240317153440.27064-1-herman@rimm.ee> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=81.205.150.117; envelope-from=herman@rimm.ee; helo=email.rimm.ee X-Spam_score_int: 12 X-Spam_score: 1.2 X-Spam_bar: + X-Spam_report: (1.2 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_PBL=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, TVD_RCVD_IP=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Herman Rimm X-ACL-Warn: , Herman Rimm via Guix-patches From: Herman Rimm via Guix-patches via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Scanner: mx10.migadu.com X-Migadu-Spam-Score: -7.00 X-Spam-Score: -7.00 X-Migadu-Queue-Id: 2C49568188 X-TUID: JnD5nUwdv0X0 * gnu/services/mail.scm (dovecot-configuration): Add 'ssl-prefer-server-ciphers?' field. * doc/guix.texi (Mail Services)[Dovecot Service]: Describe field. Change-Id: I1ea7c53466ebc3b01082938b5d9dee47c683017d --- doc/guix.texi | 5 +++++ gnu/services/mail.scm | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index eca1cb3712..b58ed90b2f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -26989,6 +26989,11 @@ Time to delay before replying to failed authentications. Defaults to @samp{"2 secs"}. @end deftypevr +@deftypevr {@code{dovecot-configuration} parameter} boolean auth-ssl-prefer-server-ciphers? +Prefer a server's allowed cipher list over own cipher list. +Defaults to @samp{#t}. +@end deftypevr + @deftypevr {@code{dovecot-configuration} parameter} boolean auth-ssl-require-client-cert? Require a valid SSL client certificate or the authentication fails. diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index afe1bb6016..cd3f961094 100644 --- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2020 Jonathan Brielmaier ;;; Copyright © 2023 Thomas Ieong ;;; Copyright © 2023 Saku Laesvuori +;;; Copyright © 2024 Herman Rimm ;;; ;;; This file is part of GNU Guix. ;;; @@ -1261,9 +1262,15 @@ (define-configuration dovecot-configuration intend to use @samp{ssl-verify-client-cert? #t}. The file should contain the CA certificate(s) followed by the matching CRL(s). (e.g. @samp{ssl-ca