From 3983b3d3932f9d1d11acf645b985c78322bf140c Mon Sep 17 00:00:00 2001
From: Thomas Bella <thomas@bella.network>
Date: Fri, 6 Sep 2019 12:39:33 +0200
Subject: [PATCH] Disable SSL ticket support in dovecot

Because tickets are normally only generated on service start, we should disable it to provide better PFS.
---
 data/conf/dovecot/dovecot.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index 2fe01693..51e58710 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -34,7 +34,7 @@ ssl_prefer_server_ciphers = yes
 ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!eNULL:!3DES:!MD5:!PSK:!DSS:!RC4:!SEED:!IDEA:+HIGH:+MEDIUM
 
 # Default in Dovecot 2.3
-ssl_options = no_compression
+ssl_options = no_compression no_ticket
 
 # New in Dovecot 2.3
 ssl_dh=</etc/ssl/mail/dhparams.pem