Quoting SW dovecot@bsdpanic.com:
Hi All
First the essentials:
dovecot --version: 2.2.15
/usr/local/etc/dovecot/conf.d/10-ssl.conf:
ssl = required
ssl_cert =
ssl_key =
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list =
HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-RSA-AES256-SHA:+DHE-RSA-AES256-SHA:!AES256-SHA256:!AES256-GCM-SHA384:!CAMELLIA256-SHA:!AES128:!CAMELLIA128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:+AES256-SHA
ssl_prefer_server_ciphers = yes
I would really appreciate it if someone could tell me if my config is super secure? I run the following email clients:
K9 on Android 4.4.2 Thunderbird 31.4 Outlook 2010
I'm interested to know if the config I have is secure and that my cipher list is acceptable. I'm also keen to hear thoughts on my config in respect of Forward Secrecy and the SSLv3/POODLE attack. Thanks!
According to https://cipherli.st/ ssl = yes ssl_cert = Dovecot 2.2.6 Is what you want.