[Dovecot] dovecot and PFS
Frank Behrens
frank at pinky.sax.de
Wed Sep 11 20:10:43 EEST 2013
Hi Emmanuel!
Am 10.09.2013 09:54, schrieb Emmanuel Dreyfus:
> Hi
>
> Is there any known advice on how to favor PFS with dovecot?
>
> In Apache, I use the following directives, which cause all modern
> browsers to adopt 256 bit PFS ciphers, while keeping backward
> compatibility with older browsers and avoiding the BEAST attack:
> SSLProtocol all -SSLv2
> SSLHonorCipherOrder On
"SSLHonorCipherOrder" is not yet supported in dovecot. I use the following hack/patch:
--- src/login-common/ssl-proxy-openssl.c.orig 2013-08-05 18:08:13.000000000 +0200
+++ src/login-common/ssl-proxy-openssl.c 2013-09-09 18:20:05.184890563 +0200
@@ -1276,6 +1276,7 @@ ssl_server_context_init(const struct log
ctx->cipher_list, ssl_last_error());
}
SSL_CTX_set_options(ssl_ctx, openssl_get_protocol_options(ctx->protocols));
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
if (ssl_proxy_ctx_use_certificate_chain(ctx->ctx, ctx->cert) != 1) {
i_fatal("Can't load ssl_cert: %s",
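Review bot: the added `SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);` is unconditional, so there is no way to turn server-side cipher ordering off from dovecot.conf; consider gating it on a boolean setting (a hypothetical `ssl_prefer_server_ciphers`) read into `ctx` like `ctx->protocols`, so the behaviour stays configurable and documented. Since `SSL_CTX_set_options` ORs flags into the context, the flag could also be folded into the preceding `SSL_CTX_set_options(ssl_ctx, openssl_get_protocol_options(ctx->protocols))` call rather than adding a second call. Note also that the option only helps if `ctx->cipher_list` is itself ordered strongest-first (as the `@STRENGTH` sort in the list quoted in this thread does); with an unordered list the server would merely pin whatever order OpenSSL produced.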
> SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10
> -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL
>
> dovecot does not care about BEAST, since the attacker cannot inject
> traffic. Therefore the cipher list gets simpler in dovecot.conf:
> ssl_cipher_list = ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:!MD5:!DES:!aNULL
> :!eNULL
>
> But that list is good for browsers. I am not aware of documentation
> about what ciphers are advertised by various mail client. How can I
> know if that setting has some success pushing PFS? How can I
> discover which clients fail to negotiate PFS ciphers?
I have in my dovecot.conf:
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c %k
The "%k" writes the negotiated cipher into the log, see also
http://wiki2.dovecot.org/Variables
Regards,
Frank
--
Frank Behrens
Osterwieck, Germany
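To answer Emmanuel's second question ("which clients fail to negotiate PFS ciphers?") from the `%k` field Frank describes, here is an added example that is not part of the thread or of Dovecot: a small Python script that parses login lines in the layout Frank's `login_log_format_elements` produces and classifies each login by whether the negotiated cipher used an ephemeral (EC)DH key exchange. It assumes the syslog prefix and the `%c`/`%k` text shown in the constructed sample lines (OpenSSL's "TLSv1.2 with cipher NAME (bits)" security string); the hostname, users and addresses are made up. It goes slightly beyond the 2013 context by also treating TLS 1.3 suite names (`TLS_...`) as forward-secret, which they always are.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not real logins) in the layout produced by
#   login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c %k
# %c is the "secured"/"TLS" marker, %k is OpenSSL's security string.
SAMPLE_LOG = """\
Sep 11 20:10:43 mail dovecot: imap-login: Login: user=<alice> method=PLAIN rip=192.0.2.10 lip=192.0.2.1 TLS TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 11 20:11:02 mail dovecot: pop3-login: Login: user=<bob> method=PLAIN rip=192.0.2.11 lip=192.0.2.1 TLS TLSv1 with cipher AES256-SHA (256/256 bits)
Sep 11 20:12:17 mail dovecot: imap-login: Login: user=<carol> method=PLAIN rip=192.0.2.12 lip=192.0.2.1 TLS TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)
Sep 11 20:13:40 mail dovecot: imap-login: Login: user=<dave> method=PLAIN rip=192.0.2.13 lip=192.0.2.1 secured
Sep 11 20:14:05 mail dovecot: imap-login: Login: user=<bob> method=PLAIN rip=192.0.2.11 lip=192.0.2.1 TLS TLSv1 with cipher AES256-SHA (256/256 bits)
"""

# Fixed fields of the assumed format; everything after lip= is %c and %k.
LOGIN_RE = re.compile(
    r"Login: user=<(?P<user>[^>]*)> method=(?P<method>\S+) "
    r"rip=(?P<rip>\S+) lip=(?P<lip>\S+)(?P<rest>.*)$"
)
# OpenSSL security string as logged by %k, e.g. "TLSv1.2 with cipher NAME (...)".
CIPHER_RE = re.compile(r"(?P<proto>\S+) with cipher (?P<cipher>\S+)")

# Suites whose key exchange is ephemeral and therefore forward secret.
# ECDHE-/DHE-/EDH- are the authenticated variants; AECDH-/ADH- are the
# anonymous ones (already excluded by !aNULL); every TLS 1.3 suite (TLS_...)
# negotiates an ephemeral key.
PFS_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "AECDH-", "ADH-", "TLS_")


def is_pfs(cipher):
    """True if the OpenSSL cipher name denotes an ephemeral key exchange."""
    return cipher.upper().startswith(PFS_PREFIXES)


def parse_login(line):
    """Return a dict for a login line, or None if the line is not a login."""
    m = LOGIN_RE.search(line)
    if not m:
        return None
    rec = {k: m.group(k) for k in ("user", "method", "rip", "lip")}
    rec["protocol"] = rec["cipher"] = None
    c = CIPHER_RE.search(m.group("rest"))
    if c:  # no match means no TLS cipher was logged (plaintext or local)
        rec["protocol"] = c.group("proto")
        rec["cipher"] = c.group("cipher")
    return rec


def summarize(log_text):
    """Count PFS / non-PFS logins and list the clients that did not get PFS."""
    counts = Counter()
    non_pfs_clients = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_login(line)
        if rec is None:
            continue
        if rec["cipher"] is None:
            counts["no_cipher_logged"] += 1
        elif is_pfs(rec["cipher"]):
            counts["pfs"] += 1
        else:
            counts["non_pfs"] += 1
            non_pfs_clients[(rec["user"], rec["rip"])].add(rec["cipher"])
    return {
        "pfs": counts["pfs"],
        "non_pfs": counts["non_pfs"],
        "no_cipher_logged": counts["no_cipher_logged"],
        # (user, remote ip) -> sorted list of non-PFS ciphers they negotiated
        "non_pfs_clients": {k: sorted(v) for k, v in non_pfs_clients.items()},
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("PFS logins:", s["pfs"], "non-PFS:", s["non_pfs"],
          "no cipher logged:", s["no_cipher_logged"])
    for (user, rip), ciphers in s["non_pfs_clients"].items():
        print("  %s from %s negotiated %s" % (user, rip, ", ".join(ciphers)))
```

Feed it the real mail log instead of `SAMPLE_LOG` (for example `summarize(open("/var/log/mail.log").read())`) and the `non_pfs_clients` map tells you which users and client addresses are still landing on plain RSA key exchange, which is the list to chase before tightening `ssl_cipher_list` further.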