[Dovecot] IMAPS: Disable SSL connection without client certificate
Benny Pedersen
me at junc.eu
Sun Jun 30 17:56:12 EEST 2013
Ireneusz Szcześniak skrev den 2013-06-29 22:39:
> With my config, Dovecot disallows logging in when the SSL connection
> was established by a client without a certificate. In this case the
> client gets to talk to Dovecot. The client could exploit potential
> Dovecot vulnerabilities.
fair
> Instead, I want the SSL connection to be dropped by OpenSSL when the
> client doesn't authenticate with a certificate, and so the client
> doesn't get to talk with Dovecot. This is safer, because the client
> is dropped by the well-tested OpenSSL.
so far only a dream
--
senders that put my email into body content will deliver it to my own
trashcan, so if you like to get reply, dont do it
More information about the dovecot
mailing list