Read-flag of mails don't update
@lbutlr
kremels at kreme.com
Fri Jun 12 16:57:24 EEST 2020
On 12 Jun 2020, at 01:02, Marius Rasch <dovecot at email.marius-rasch.de> wrote:
> Am 11.06.20 um 18:08 schrieb @lbutlr:
>>> ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
>> Why are you doing this?
> I set this according to this page:
> https://weakdh.org/sysadmin.html
Hmm. I am generally dismissive of anything about security that is undated.
> It was recommended in the ArchLinux wiki page for dovecot, but it might be outdated.
All I have in my conf is ssl_min_protocol - TLSv1.1 and I don't recall ever seeing anyone set a cipher list in dovceot unless it was to try to allow older protocols.
Generally, it is better to exclude the protocols and ciphers you do not want. There is no reason to restrict yourself to a specific list of cyphers which is likely to exclude future cyphers when you forget to update it.
Certainly the recommendations made for postfix (which I am more familiar with) are unnecessary)
--
An edge witch is one who makes her living on the edges, in that
moment when boundary conditions apply - between life and death,
light and dark, good and evil and, most dangerously of all, today
and tomorrow.
More information about the dovecot
mailing list