[Dovecot] dovecot and PFS
Timo Sirainen
tss at iki.fi
Sun Sep 22 02:20:57 EEST 2013
On 11.9.2013, at 20.10, Frank Behrens <frank at pinky.sax.de> wrote:
> Hi Emmanuel!
>
> Am 10.09.2013 09:54, schrieb Emmanuel Dreyfus:
>> Hi
>>
>> Is there known advices on how to favor PFS with dovecot?
>>
>> In Apache, I use the following directives, with cause all modern
>> browsers to adopt 256 bit PFS ciphers, while keeping backward
>> compatibility with older browsers and avoiding BEAST attack:
>> SSLProtocol all -SSLv2
>> SSLHonorCipherOrder On
>
> "SSLHonorCipherOrder" is not yet supported in dovecot. I use the following hack/patch:
Added: http://hg.dovecot.org/dovecot-2.2/rev/897484f45a87
(Setting name copied from nginx.)
More information about the dovecot
mailing list