dovecot on wheezy, best ssl configuration ?
Joseph Tam
jtam.home at gmail.com
Sat Jan 10 00:11:35 UTC 2015
ml at ruggedinbox.com writes:
> Our smtp server is postfix, can you please suggest a better
> 'ssl_protocols' and 'ssl_cipher_list' configuration ?
> We are running Debian 7 Wheezy
A useful command to know is "openssl ciphers" run on the server that will
tell you the ciphers available given a protocol and cipher list spec.
If it comes out to empty, your client won't be able to negotiate any
SSL sessions, and you'll have include more ciphers. For example,
TLSv1 protocol minus any low-grade encryption or SSLv2 ciphers:
$ openssl ciphers -tlsv1 'ALL:\!LOW:\!SSLv2'
ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EXP-ADH-DES-CBC-SHA:ADH-RC4-MD5:EXP-ADH-RC4-MD5:EDH-RSA-DES-CBC3-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EXP-EDH-DSS-DES-CBC-SHA:DES-CBC3-SHA:EXP-DES-CBC-SHA:IDEA-CBC-SHA:EXP-RC2-CBC-MD5:RC4-SHA:RC4-MD5:EXP-RC4-MD5
Joseph Tam <jtam.home at gmail.com>
More information about the dovecot
mailing list