[Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1
Adi Kriegisch
adi at cg.tuwien.ac.at
Fri Oct 18 14:57:12 EEST 2013
Dear all,
I tried to do a backport of 'ssl_prefer_server_ciphers'
(http://hg.dovecot.org/dovecot-2.2/rev/897484f45a87/) to Dovecot 2.1
(namely the Debian version of Dovecot) and wanted to ask if there is any
chance to integrate this feature into Dovecot 2.1 'upstream' as well.
As the code structure changed quite a bit, I am not sure if my patch is
complete. I tested it with pop3s and imaps in my test environment and it
works just as expected and seemed to not have any unwanted effects.
(Dovecot code is probably the most beautiful and easy to read C code I've
seen, but there might also be some pitfalls I missed.)
best regards,
Adi Kriegisch
PS: I need that feature to enable PFS while allowing Outlook to still
connect and the others not to fall back to a different cipher; I was
unable to find a PFS cipher that is supported by Outlook and OpenSSL.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssl_prefer_server_ciphers-dc21.diff
Type: text/x-diff
Size: 5066 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20131018/c9567b3a/attachment-0001.bin>
More information about the dovecot
mailing list