[Dovecot] IMAPS: Disable SSL connection without client certificate
Reindl Harald
h.reindl at thelounge.net
Sat Jun 29 23:03:57 EEST 2013
Am 29.06.2013 21:54, schrieb Ireneusz Szcześniak:
> Reindl, thanks again for your email, but now I realize that perhaps you misunderstood my problem. I have got the
> SSL working with the config presented in my first post. The problem is that I'm surprised that Dovecot lets
> clients establish an SSL connection even when the client doesn't present a certificate. I don't want clients
> without a valid certificate even establish an SSL connection.
what the hell - you can reject them after not present a cert
but how do you imagine technically to smell this fact before connect?
> On 28.06.2013 23:34, Reindl Harald wrote:
>
>> Am 28.06.2013 23:31, schrieb Ireneusz Szcześniak:
>>> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only,
>>> and I'm using Thunderbird to access my mail.
>>>
>>> I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I
>>> configure my Thunderbird for SSL/TLS connection with normal password. It works fine.
>>>
>>> However, with my config anybody can connect to my server without presenting a certificate
>>
>> google "dovecot ssl client certificate" leads to
>> http://wiki.dovecot.org/SSL/DovecotConfiguration
>>
>> well, this is for dovecot 1.x, but have you tried it?
>>
>> Client certificate verification/authentication
>> If you want to require clients to present a valid SSL certificate, you'll need these settings
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130629/885fa549/attachment.bin>
More information about the dovecot
mailing list