Correct settings for "ssl protocols" and "ssl ciphers"

Darac Marjal mailinglist at darac.org.uk
Tue Jan 17 13:13:33 UTC 2017


On Tue, Jan 17, 2017 at 07:55:15AM -0500, Jerry wrote:
>I have the following two settings in my "10-ssl.conf" file
>
># SSL protocols to use
>ssl_protocols = !SSLv2
>
># SSL ciphers to use
>ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
>
>I have seen different configurations while Googling. I am wondering
>what the consensus is for the best settings for these two items. What
>do the developers recommend?

Not a developer, but I use the settings from https://cipherli.st, 
namely:

	ssl = yes
	ssl_cert = </etc/dovecot.cert
	ssl_key = </etc/dovecot.key
	ssl_protocols = !SSLv2 !SSLv3
	ssl_cipher_list = AES128+EECDH:AES128+EDH
	ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6
	ssl_dh_parameters_length = 4096 # >Dovecot 2.2

>
>Thanks!
>
>-- 
>Jerry

-- 
For more information, please reread.
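
An added example, not part of either message and not Dovecot's own code: it works out which protocol versions each of the two ssl_protocols lines quoted in this thread leaves enabled. The function names are hypothetical, and the include/exclude handling is an assumption modelled on how Dovecot 2.2 reads the setting (a list with only "!" entries enables everything else; any positive entry enables only the listed protocols).

```python
# Protocol names accepted in a Dovecot 2.2-era ssl_protocols setting.
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
MUST_BE_OFF = {"SSLv2", "SSLv3"}  # the versions the reply's config disables

# Copied from the two messages in this thread.
QUESTION_CONF = """
# SSL protocols to use
ssl_protocols = !SSLv2
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
"""
REPLY_CONF = """
ssl = yes
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = AES128+EECDH:AES128+EDH
ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6
"""

def parse_settings(text):
    """Read 'key = value' lines; '#' starts a comment."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def enabled_protocols(value):
    """Return the protocols left enabled by an ssl_protocols value."""
    canon = {p.lower(): p for p in KNOWN}
    include, exclude = set(), set()
    for tok in value.replace(",", " ").split():
        neg = tok.startswith("!")
        name = canon.get((tok[1:] if neg else tok).lower())
        if name is None:
            raise ValueError(f"unknown protocol {tok!r}")
        (exclude if neg else include).add(name)
    base = include or set(KNOWN)  # only negations: start from everything
    return [p for p in KNOWN if p in base and p not in exclude]

def audit(text):
    """List still-enabled protocols that the reply's config turns off."""
    # ssl_protocols must be present: the default differs between versions.
    on = enabled_protocols(parse_settings(text)["ssl_protocols"])
    return sorted(MUST_BE_OFF.intersection(on))

if __name__ == "__main__":
    for label, conf in (("question", QUESTION_CONF), ("reply", REPLY_CONF)):
        print(label, "still enables:", audit(conf) or "none of SSLv2/SSLv3")
```
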

