On 2020.07.16. 5:16, Mark Constable wrote:
On 16/7/20 5:54 am, Benny Pedersen wrote:
FWIW I meant if the client is Windows7/old-Outlook then changing either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail.
windows 7 just need tls 1.0, why its need to disabled all, is as well beyong me, do not disable tls 1.0 in dovecot aslong one have windows 7 clients
Would anyone with Windows7 clients be able to provide me with the EXACT set of ssl_* settings that should work with W7 please?
I tried for a week with various combinations but nothing worked short of disabling SSL altogether. These are the remnants of some attempts...
# 20200531 suggested by Aki Tuomi #ssl_min_protocol = TLSv1.0 #ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL
# https://ssl-config.mozilla.org OLD # openssl dhparam -dsaparam 1024 > /etc/dovecot/dh.pem ssl_prefer_server_ciphers = yes #ssl_min_protocol = TLSv1 #ssl_cipher_list = ECDHE-ECDSA****
# https://ssl-config.mozilla.org MEDIUM # openssl dhparam -dsaparam 2048 > /etc/dovecot/dh.pem #ssl_prefer_server_ciphers = no #ssl_min_protocol = TLSv1.2 #ssl_cipher_list = ECDHE-ECDSA****
~ dovecot --version 2.3.7.2 (3c910f64b)
Apologies to the OP for hijacking this thread.
Are you sure, your operating system's SSL library (OpenSSL or whatever) supports TLS 1.0?
-- KSB