From 47916f0923e7e9aa1ea5bc047eca38efa55b57f2 Mon Sep 17 00:00:00 2001
From: Jakub Jirutka <jakub@jirutka.cz>
Date: Mon, 23 Jul 2018 00:47:23 +0200
Subject: main/dovecot: set default ssl_prefer_server_ciphers = yes

---
 main/dovecot/APKBUILD             | 2 +-
 main/dovecot/default-config.patch | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

(limited to 'main')

diff --git a/main/dovecot/APKBUILD b/main/dovecot/APKBUILD
index cff8b6507f..223ad75e66 100644
--- a/main/dovecot/APKBUILD
+++ b/main/dovecot/APKBUILD
@@ -294,6 +294,6 @@ sha512sums="c085a0d04925485423086736a3c7d919ad0ca9efeff005890382da5333edb68c7d23
 6bc24d9241f94db795a012346d9bc94b5cc7d7ce0175c03213c2b5d179d80dec95e9bdbd50bed628c8f9f7c51639e692ba5e429212a3b4a654c1e4764ac4f11c  dovecot-2.3-pigeonhole-0.5.2.tar.gz
 fe4fbeaedb377d809f105d9dbaf7c1b961aa99f246b77189a73b491dc1ae0aa9c68678dde90420ec53ec877c08f735b42d23edb13117d7268420e001aa30967a  skip-iconv-check.patch
 794875dbf0ded1e82c5c3823660cf6996a7920079149cd8eed54231a53580d931b966dfb17185ab65e565e108545ecf6591bae82f935ab1b6ff65bb8ee93d7d5  split-protocols.patch
-8b38cba67ec0c2de16f11f93a79d1b7916bf2dbdc6c300de400178df1d1d86ccaccf7ac92ea9d3abef54dd401a75cb9d235962b1a98ef96a4cb189e4d046842d  default-config.patch
+0d8f89c7ba6f884719b5f9fc89e8b2efbdc3e181de308abf9b1c1b0e42282f4df72c7bf62f574686967c10a8677356560c965713b9d146e2770aab17e95bcc07  default-config.patch
 9f19698ab45969f1f94dc4bddf6de59317daee93c9421c81f2dbf8a7efe6acf89689f1d30f60f536737bb9526c315215d2bce694db27e7b8d7896036a59c31f0  dovecot.logrotate
 d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70  dovecot.initd"
diff --git a/main/dovecot/default-config.patch b/main/dovecot/default-config.patch
index c6d324085e..0f8a7385a2 100644
--- a/main/dovecot/default-config.patch
+++ b/main/dovecot/default-config.patch
@@ -35,3 +35,12 @@
  
  # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
  # dropping root privileges, so keep the key file unreadable by anyone but
+@@ -67,7 +67,7 @@
+ #ssl_curve_list =
+ 
+ # Prefer the server's order of ciphers over client's.
+-#ssl_prefer_server_ciphers = no
++ssl_prefer_server_ciphers = yes
+ 
+ # SSL crypto device to use, for valid values run "openssl engine"
+ #ssl_crypto_device =
-- 
cgit v1.2.3