[Dovecot] dovecot and PFS

Timo Sirainen tss at iki.fi
Sun Sep 22 02:20:57 EEST 2013

On 11.9.2013, at 20.10, Frank Behrens <frank at pinky.sax.de> wrote:

> Hi Emmanuel!
> Am 10.09.2013 09:54, schrieb Emmanuel Dreyfus:
>> Hi
>> Is there known advices on how to favor PFS with dovecot?
>> In Apache, I use the following directives, with cause all modern
>> browsers to adopt 256 bit PFS ciphers, while keeping backward
>> compatibility with older browsers and avoiding BEAST attack:
>> SSLProtocol all -SSLv2
>> SSLHonorCipherOrder On
> "SSLHonorCipherOrder" is not yet supported in dovecot. I use the following hack/patch:

Added: http://hg.dovecot.org/dovecot-2.2/rev/897484f45a87

(Setting name copied from nginx.)

More information about the dovecot mailing list