[Dovecot] IMAPS: Disable SSL connection without client certificate

Benny Pedersen me at junc.eu
Sun Jun 30 17:56:12 EEST 2013

Ireneusz Szcześniak skrev den 2013-06-29 22:39:
> With my config, Dovecot disallows logging in when the SSL connection
> was established by a client without a certificate.  In this case the
> client gets to talk to Dovecot.  The client could exploit potential
> Dovecot vulnerabilities.


> Instead, I want the SSL connection to be dropped by OpenSSL when the
> client doesn't authenticate with a certificate, and so the client
> doesn't get to talk with Dovecot.  This is safer, because the client
> is dropped by the well-tested OpenSSL.

so far only a dream

senders that put my email into body content will deliver it to my own 
trashcan, so if you like to get reply, dont do it

More information about the dovecot mailing list