Am 16.01.2015 um 12:24 schrieb Oliver Welter:
after adding TLSv1.2 to by TLS options
how did you do that?
there is no need to add it as long you did not break your configuration intentional the time before
a lot of Outlook users complaint about connection errors, openssl s_client and Thunderbird works fine.
no
I found some posts about this but none of them had a real solution on this - I meanwhile disabled TLSv1.2 which made the Outlook users happy.
I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014
ssl_cert = </var/qmail/control/servercert.pem ssl_cipher_list = ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:+RC4:@STRENGTH
!MEDIUM likely is the reason
ssl_dh_parameters_length = 2048 ssl_key = </var/qmail/control/servercert.pem ssl_protocols = !SSLv2 !TLSv1.2
The certificate is from Comodo using sha256
the confiig below works with every known Outlook version down to Outlook 2003 on Windows XP in combination with a RSA4096/SHA256 key as well as with all other reasonable mail clients
ssl_protocols = !SSLv2 !SSLv3 ssl_prefer_server_ciphers = yes ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA