From 067a4c2ce844c0bc48f662e336bd2bc4528b34f3 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Fri, 28 Aug 2020 20:09:54 +0200
Subject: http|imap-proxy: fix tls encryption to backend (allow TLS1.0)

---
 chaos-at-home/ch-imap-proxy.yml | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'chaos-at-home/ch-imap-proxy.yml')

diff --git a/chaos-at-home/ch-imap-proxy.yml b/chaos-at-home/ch-imap-proxy.yml
index 967d7613..1a05a39f 100644
--- a/chaos-at-home/ch-imap-proxy.yml
+++ b/chaos-at-home/ch-imap-proxy.yml
@@ -15,6 +15,12 @@
         challenge:
           http-self-test: false
   post_tasks:
+  - name: lower minimum tls protocol version to 1.0
+    lineinfile:
+      path: /etc/ssl/openssl.cnf
+      regexp: '^MinProtocol\s*='
+      line: 'MinProtocol = TLSv1.0'
+
   - name: install stunnel package
     apt:
       name: stunnel4
-- 
cgit v1.2.3