[Dovecot] TLS/SSL for Win8 & Outlook
Robert Schetterer
rs at sys4.de
Fri May 9 08:33:36 UTC 2014
Am 09.05.2014 08:29, schrieb Sebastian Goodrick:
>>> my speculate was, it leaves too less ciphers left
> OK, but does the old dovecot/openssl version provide less ciphers than
> the new install?
sorry i am short in time
dovecot hast setup options for ciphers related to your openssl version
please read
http://www.michaelboman.org/books/sslscan
http://www.unixwitch.de/de/sysadmin/tools/imap-mit-ssl-testen
https://sys4.de/de/blog/2013/08/15/dovecot-tls-perfect-forward-secrecy/
http://wiki2.dovecot.org/SSL/DovecotConfiguration
http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html
I'm not too familiar with what ciphers ship with
> OpenSSL in what version.
type
openssl ciphers
to see ciphers on your server with your openssl version
and
openssl s_client -connect imap.example.com:143 -starttls imap
for general testing
My naive assumption is, a new version ships
> with more ciphers, hence this shouldn't be an issue. (Unless there is
> a new bug in a cipher.)
there must be matching ciphers
>
>> Computer Configuration\Windows Settings\Security Settings\Local
>> Policies\Security Options
> I just learned, there is a tool called gpedit.msc on win8 :)
> "Use FIPS compliant algorithms for encryption, hashing, and signing"
> is disabled on my machine. From what I understand this indicates, that
> it can use more/all available ciphers.
>
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\SecEdit\Reg
> Values\MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy/Enabled
> I can find this key (it is set to DisplayType=0 and ValueType=4) but I
> don't understand what I can change there and what this setting
> indicates. Needless to say that my windows administration knowledge is
> limited.
as written i will test it, but it will take time
>
> Regards,
> Sebastian
>
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the dovecot
mailing list