[Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1

Reindl Harald h.reindl at thelounge.net
Fri Oct 18 15:00:26 EEST 2013

Am 18.10.2013 13:57, schrieb Adi Kriegisch:
> I tried to do a backport of 'ssl_prefer_server_ciphers'
> (http://hg.dovecot.org/dovecot-2.2/rev/897484f45a87/) to Dovecot 2.1
> (namely the Debian version of Dovecot) and wanted to ask if there is any
> chance to integrate this feature into Dovecot 2.1 'upstream' as well.
> As the code structure changed quite a bit, I am not sure if my patch is
> complete. I tested it with pop3s and imaps in my test environment and it
> works just as expected and seemed to not have any unwanted effects.
> (Dovecot code is probably the most beautiful and easy to read C code I've
> seen, but there might also be some pitfalls I missed.)
> best regards,
>     Adi Kriegisch
> PS: I need that feature to enable PFS while allowing Outlook to still
> connect and the others not to fall back to a different cipher; I was
> unable to find a PFS cipher that is supported by Outlook and OpenSSL

ssl_cipher_list =
ssl_prefer_server_ciphers = yes

Outlook, at least on WinXP any version, continues to use RC4 ciphers
but any sane mail client is using PFS ciphers

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20131018/5af65717/attachment.bin>

More information about the dovecot mailing list