[Dovecot] TLS/SSL for Win8 & Outlook

Sebastian Goodrick sebastian at goodrick.ch
Fri May 9 06:29:38 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> my speculate was, it leaves too less ciphers left
OK, but does the old dovecot/openssl version provide less ciphers than
the new install? I'm not too familiar with what ciphers ship with
OpenSSL in what version. My naive assumption is, a new version ships
with more ciphers, hence this shouldn't be an issue. (Unless there is
a new bug in a cipher.)

> Computer Configuration\Windows Settings\Security Settings\Local 
> Policies\Security Options
I just learned, there is a tool called gpedit.msc on win8 :)
"Use FIPS compliant algorithms for encryption, hashing, and signing"
is disabled on my machine. From what I understand this indicates, that
it can use more/all available ciphers.

> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\SecEdit\Reg
Values\MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy/Enabled
I can find this key (it is set to DisplayType=0 and ValueType=4) but I
don't understand what I can change there and what this setting
indicates. Needless to say that my windows administration knowledge is
limited.

Regards,
Sebastian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlNsddIACgkQR7+YB0QzbnohewCeN3SA2or/T60AGhBBcrGXRsFQ
kW4An2xxuHdhnUIY9xVfD43LiFo0yJkq
=63Av
-----END PGP SIGNATURE-----


More information about the dovecot mailing list