$NetBSD: patch-conf_bincimap.conf.in,v 1.1 2021/01/15 19:50:25 schmonz Exp $

By default, don't specify a cipher list, taking the OpenSSL defaults.
Leave a decent commented-out list from ssl-config.mozilla.org.

Let SUBST fix up users, groups, and paths.

--- conf/bincimap.conf.in.orig	2005-01-05 15:53:46.000000000 +0000
+++ conf/bincimap.conf.in
@@ -34,8 +34,8 @@ Authentication {
 //----------------------------------------------------------------------------
 Security {
     jail path = "@prefix@/bin",
-    jail user = "nobody",
-    jail group = "nobody"
+    jail user = "@BINCIMAP_USER@",
+    jail group = "@BINCIMAP_GROUP@"
 }
 
 //----------------------------------------------------------------------------
@@ -100,7 +100,7 @@ Session {
 
 //----------------------------------------------------------------------------
 SSL {
-    pem file = "@sysconfdir@/bincimap.pem",        /* private key and
+    pem file = "/usr/share/ssl/certs/bincimap.pem",/* private key and
                                                       certificate
                                                       chain PEM file
                                                       name */
@@ -108,11 +108,11 @@ SSL {
     ca file = "",                                  /* file to use as
                                                       certificate
                                                       authority */
-    ca path = "",                                  /* path to search
+    ca path = "/usr/share/ssl/certs",              /* path to search
                                                       for more certificate
                                                       authorities */
 
-    cipher list = "!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP",
+    //cipher list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
 
     verify peer = "no"
 }