[Dovecot] IMAPS: Disable SSL connection without client certificate
h.reindl at thelounge.net
Sat Jun 29 23:03:57 EEST 2013
Am 29.06.2013 21:54, schrieb Ireneusz Szcześniak:
> Reindl, thanks again for your email, but now I realize that perhaps you misunderstood my problem. I have got the
> SSL working with the config presented in my first post. The problem is that I'm surprised that Dovecot lets
> clients establish an SSL connection even when the client doesn't present a certificate. I don't want clients
> without a valid certificate even establish an SSL connection.
what the hell - you can reject them after not present a cert
but how do you imagine technically to smell this fact before connect?
> On 28.06.2013 23:34, Reindl Harald wrote:
>> Am 28.06.2013 23:31, schrieb Ireneusz Szcześniak:
>>> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only,
>>> and I'm using Thunderbird to access my mail.
>>> I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I
>>> configure my Thunderbird for SSL/TLS connection with normal password. It works fine.
>>> However, with my config anybody can connect to my server without presenting a certificate
>> google "dovecot ssl client certificate" leads to
>> well, this is for dovecot 1.x, but have you tried it?
>> Client certificate verification/authentication
>> If you want to require clients to present a valid SSL certificate, you'll need these settings
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 263 bytes
Desc: OpenPGP digital signature
More information about the dovecot