[Dovecot] dovecot and PFS
tss at iki.fi
Sun Sep 22 02:20:57 EEST 2013
On 11.9.2013, at 20.10, Frank Behrens <frank at pinky.sax.de> wrote:
> Hi Emmanuel!
> Am 10.09.2013 09:54, schrieb Emmanuel Dreyfus:
>> Is there known advices on how to favor PFS with dovecot?
>> In Apache, I use the following directives, with cause all modern
>> browsers to adopt 256 bit PFS ciphers, while keeping backward
>> compatibility with older browsers and avoiding BEAST attack:
>> SSLProtocol all -SSLv2
>> SSLHonorCipherOrder On
> "SSLHonorCipherOrder" is not yet supported in dovecot. I use the following hack/patch:
(Setting name copied from nginx.)
More information about the dovecot