17 Jan
2017
17 Jan
'17
3:13 p.m.
On Tue, Jan 17, 2017 at 07:55:15AM -0500, Jerry wrote:
I have the following two settings in my "10-ssl.conf" file
# SSL protocols to use ssl_protocols = !SSLv2
# SSL ciphers to use ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
I have seen different configurations while Googling. I am wondering what the consensus is for the best settings for these two items. What do the developers recommend?
Not a developer, but I use the settings from https://cipherli.st, namely:
ssl = yes
ssl_cert = </etc/dovecot.cert
ssl_key = </etc/dovecot.key
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = AES128+EECDH:AES128+EDH
ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6
ssl_dh_parameters_length = 4096 # >Dovecot 2.2Thanks!
-- Jerry
-- For more information, please reread.