grommunio / configs Goto Github PK
View Code? Open in Web Editor NEWSources for the grommunio-common (rpm/deb) package
Sources for the grommunio-common (rpm/deb) package
As per grommunio/gromox#90 (comment), “cipher lists for every individual daemon does not scale very well for an administrator”, however the grommunio-provided NGINX configuration in /usr/share/grommunio-common/nginx/ssl_params.conf
has actually an individual configuration of TLS protocols and ciphers. This overrides what crypto-policies configure and the grommunio-provided NGINX-configuration is not in-line with common Mozilla recommendations, which are suited for performance, security and compatibility. Actually, grommunio even re-enables TLSv1.0 and TLSv1.1, which are deprecated as per RFC 8996, with the shipped configuration.
With the reason provided in grommunio/gromox#90 (comment), I suggest to remove the current grommunio-provided NGINX individual configuration in /usr/share/grommunio-common/nginx/ssl_params.conf
related to TLS protocols and ciphers, but to only use what crypto-policies provide. This would also provide a really consistent experience to administrators across all components involved in a grommunio setup.
Oh, and adapting /usr/share/grommunio-common/nginx/ssl_params.conf
yourself to get what crypto-policies are meant for does currently not work, because grommunio delivers this individual configuration in a configuration file not suited for editing, because any modification will be overriden during the next update of the "grommunio-common" RPM package (which kind of makes sense for itself, because it's /usr/share
rather than /etc
). Practically, trying to re-declare e.g. ssl_ciphers
with PROFILE=SYSTEM
in a later NGINX configuration file also fails, because NGINX doesn't support this, unfortunately:
$ nginx -t
nginx: [emerg] "ssl_ciphers" directive is duplicate in /etc/nginx/conf.d/grommunio_custom-crypto-policies.conf.include:1
nginx: configuration file /etc/nginx/nginx.conf test failed
$
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.