Recommended Protocols?
Joseph Tam
jtam.home at gmail.com
Wed Nov 11 00:44:48 EET 2020
On Mon, 9 Nov 2020, Raymond Herrera wrote:
> I am preparing a new server, with Dovecot 2.2.36 and would like to know the
> currently recommended protocols. Should I stick to what I have? I would
> prefer to start with the easiest configuration possible, which I will revise
> later.
>
> This is the command that I have been using to verify the server's
> functionality:
>
> % openssl s_client -connect localhost:imaps
Implicit SSL (SSL/TLS) has the slight advantage over STARTTLS as a MITM
cannot strip the STARTTLS server banner during the session handshake and
downgrade the client to plaintext.
However the most important security considerations are:
- set the SSL version to at least TLS 1.2 to avoid known weaknesses in older versions.
- set the cipher list to avoid weak ciphers. One of many guides:
https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
- (client) enforce the SSL connection (i.e. refuse plaintext sessions).
Joseph Tam <jtam.home at gmail.com>
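The three points above expressed as a Dovecot 2.2 `conf.d/10-ssl.conf` fragment, weak settings beside hardened ones (an added example, not part of Joseph's message or the Dovecot project's own files); it assumes Dovecot 2.2.36 as in the thread, with placeholder certificate paths, and adds the server-side counterparts (`ssl = required`, `disable_plaintext_auth`) of the client-side "refuse plaintext" point.

```conf
# Added example (not from the original post): Dovecot 2.2.x 10-ssl.conf
# fragment. Certificate paths are placeholders.

# --- weak: accepts plaintext and legacy TLS (kept only for contrast) ---
# ssl = yes
# disable_plaintext_auth = no
# ssl_protocols = !SSLv2 !SSLv3        # still allows TLS 1.0 / 1.1
# ssl_cipher_list = ALL:!LOW           # still allows RC4, 3DES, non-PFS RSA

# --- hardened ---
ssl = required                     # refuse any non-TLS IMAP/POP3 session
disable_plaintext_auth = yes       # never accept a password before TLS is up
ssl_cert = </etc/dovecot/PLACEHOLDER-fullchain.pem
ssl_key  = </etc/dovecot/PLACEHOLDER-privkey.pem

# Dovecot 2.2 syntax: exclude everything below TLS 1.2.
# (Dovecot 2.3 replaces this with: ssl_min_protocol = TLSv1.2)
ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1

# Forward-secret AEAD suites only; the SSL Labs guide linked above
# explains the reasoning behind each exclusion.
ssl_cipher_list = ECDHE+AESGCM:DHE+AESGCM:!aNULL:!MD5:!DSS
ssl_prefer_server_ciphers = yes

# DHE suites need strong parameters (2.2 generates them at this length;
# 2.3 uses ssl_dh = </path/to/dh.pem instead).
ssl_dh_parameters_length = 2048
```

Check the parsed result with `doveconf -n`, then repeat the quoted `openssl s_client -connect localhost:imaps` test with `-tls1_1` (handshake should fail) and `-tls1_2` (should succeed).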