[Dovecot] IMAPS: Disable SSL connection without client certificate

Reindl Harald h.reindl at thelounge.net
Sat Jun 29 23:03:57 EEST 2013



On 29.06.2013 21:54, Ireneusz Szcześniak wrote:
> Reindl, thanks again for your email, but now I realize that perhaps you misunderstood my problem.  I have got the
> SSL working with the config presented in my first post.  The problem is that I'm surprised that Dovecot lets
> clients establish an SSL connection even when the client doesn't present a certificate.  I don't want clients
> without a valid certificate to even establish an SSL connection.

what the hell - you can reject them after they do not present a cert
but how do you imagine, technically, smelling this fact before they connect?

> On 28.06.2013 23:34, Reindl Harald wrote:
> 
>> On 28.06.2013 23:31, Ireneusz Szcześniak wrote:
>>> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great.  Dovecot serves IMAPS only,
>>> and I'm using Thunderbird to access my mail.
>>>
>>> I configured Dovecot to allow clients that present a valid certificate when establishing an SSL connection.  I
>>> configured my Thunderbird for SSL/TLS connection with normal password.  It works fine.
>>>
>>> However, with my config anybody can connect to my server without presenting a certificate
>>
>> google "dovecot ssl client certificate" leads to
>> http://wiki.dovecot.org/SSL/DovecotConfiguration
>>
>> well, this is for dovecot 1.x, but have you tried it?
>>
>> Client certificate verification/authentication
>> If you want to require clients to present a valid SSL certificate, you'll need these settings
