On 12.09.2013 00:46, Darren Pilgrim wrote:
On 9/9/2013 4:09 PM, Reindl Harald wrote:
On 09.09.2013 22:56, Darren Pilgrim wrote:
I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0. Clients will opportunistically use TLS 1.1 and 1.2, but now I want to require they do so. Is it enough to set

ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5

or are there additional settings I need to specify?
and what clients do you imagine to connect?
Thunderbird and a Webmail app
in that special case you may be lucky
on most widely used distributions you even have no openssl version supporting TLS 1.2 and so you lock them all out
OpenSSL 1.0.1 supports TLS 1.2
and that is why i said most widely used does not
RHEL5: openssl-0.9.8e
RHEL6: openssl-1.0.0
Fedora 17: openssl-1.0.0k
Fedora 18: openssl-1.0.1e
if you have only a few users where you know OS and mail-client this is doable, for any server with customers it is a no-go
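
The compatibility concern raised in this thread can be checked before raising the minimum protocol version. The following is an added example, not part of the original messages: it takes an inventory of OpenSSL versions and lists the platforms that cannot negotiate TLS 1.2. It assumes the pre-3.0 OpenSSL version format with a letter suffix and that TLS 1.1 and 1.2 both first shipped in OpenSSL 1.0.1; the function and variable names are illustrative.

```python
import re
import ssl

# Assumption stated in the lead-in: TLS 1.1 and 1.2 arrived in OpenSSL 1.0.1.
MIN_TLS12 = (1, 0, 1, 0)


def parse_openssl_version(text):
    """Turn 'openssl-1.0.0k' or '0.9.8e' into a comparable tuple.

    Pre-3.0 OpenSSL marks patch releases with a letter suffix
    (no letter < 'a' < 'b' ...), mapped here to 0, 1, 2, ...
    """
    m = re.fullmatch(r"(?:openssl-)?(\d+)\.(\d+)\.(\d+)([a-z]?)",
                     text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    major, minor, fix = (int(g) for g in m.group(1, 2, 3))
    letter = m.group(4)
    patch = ord(letter) - ord("a") + 1 if letter else 0
    return (major, minor, fix, patch)


def supports_tls12(text):
    return parse_openssl_version(text) >= MIN_TLS12


def locked_out(inventory):
    """Return the platforms whose OpenSSL cannot negotiate TLS 1.2."""
    return [name for name, ver in inventory.items() if not supports_tls12(ver)]


def local_stack():
    """Report what the OpenSSL linked into this interpreter offers."""
    return {"version": ssl.OPENSSL_VERSION,
            "tls1_1": ssl.HAS_TLSv1_1,
            "tls1_2": ssl.HAS_TLSv1_2}


# Versions as listed in the thread above.
THREAD_INVENTORY = {
    "RHEL5": "openssl-0.9.8e",
    "RHEL6": "openssl-1.0.0",
    "Fedora 17": "openssl-1.0.0k",
    "Fedora 18": "openssl-1.0.1e",
}

if __name__ == "__main__":
    print("cannot do TLS 1.2:", locked_out(THREAD_INVENTORY))
    print("this host:", local_stack())
```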