[Dovecot] How to disable SSL and TLSv1.1?

lst_hoe02 at kwsoft.de lst_hoe02 at kwsoft.de
Fri Sep 13 10:56:48 EEST 2013


Zitat von Hans Spaans <hans at dailystuff.nl>:

> Patrick Lists schreef op 2013-09-12 09:23:
>> Hi Noel,
>>
>> On 09/12/2013 08:54 AM, Noel Butler wrote:
>> [snip]
>>> I'm always of the belief that if one person wants a feature, they might
>>> be the only vocal person, but they are never really alone, so post your
>>> patch, Timo can only either pull it in, or decline it, as for its useful
>>> for others, only time will tell, but  not even god will help those who
>>> use it on a commercial network with paying customers - thats just plain
>>> professional suicide.
>>
>> Unless it was clearly stated what the requirements are when they sign
>> up. With NIST sleeping at the helm and the NSA having a field day it
>> would not surprise me if businesses understand the importance of
>> stronger encryption.
>
> Why not turn it around? Why not tell the paying customer he is using  
> an unencrypted connection or with options that are insecure. Parse  
> the logfiles and make an additional section on the website where  
> he/she can see from where he/she had a successful login and the  
> security level? Make it red for unencrypted, orange/amber for  
> insecure and green for a "secure" connection. Most people like to  
> have everything in the green and you give them a choice what to do.  
> Also the cost is almost nothing for doing this. You could even make  
> it a service for companies who get a weekly/monthly PDF with an  
> overview.
>
> For now only Dovecot tells if it is a TLS-connection or not. Postfix  
> for example already tells if it is TLSv1 connection and the cipher.  
> If this could be extended then sysadmins have a way to make a  
> decision about the path to follow or to advise to management.
>
> Hans

http://dovecot.2317879.n4.nabble.com/Patch-to-log-the-cipher-suite-used-for-TLS-td43843.html  
??

Regards

Andreas




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6144 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130913/881c401a/attachment.bin>


More information about the dovecot mailing list