[Dovecot] TLS/SSL for Win8 & Outlook

Sebastian Goodrick sebastian at goodrick.ch
Fri May 9 12:28:12 UTC 2014



I will go through the links later today, thanks.

> openssl ciphers
The new OpenSSL supports many additional ciphers. Three ciphers are
not supported anymore: DES-CBC-MD5, DES-CBC3-MD5, RC2-CBC-MD5
For some reason I don't understand, there are ciphers listed twice in
the old OpenSSL version but also once in the new version:
EXP-RC2-CBC-MD5, EXP-RC4-MD5, RC4-MD5

> openssl s_client -connect imap.example.com:143 -starttls imap

dovecot 2.1.7, OpenSSL 1.0.1 e (both as shipped with Debian Wheezy):
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384

dovecot 1.2.13, OpenSSL 0.9.8 g (call me outdated, I say heartbleed!):
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA

However, that's talking OpenSSL to OpenSSL.

> there must be matching ciphers
Indeed. According to this
http://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx
there should be matching ciphers if I'm not completely mistaken. (I
don't know what P256 indicates in
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256.)

Is there a way, similar to OpenSSL, to check on the box what is really
supported? Or to perform a handshake like the -connect -starttls imap
option of OpenSSL?

> as written i will test it, but it will take time
Thanks, Robert. I really appreciate it. Your comments have been really
helpful to me so far.

Regards
Sebastian
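
The cipher-list comparison and the "matching ciphers" check discussed in this message, as an added example that is not part of the original post: it finds repeated and dropped names in two `openssl ciphers` outputs and intersects a Schannel-style client list with each server list. The cipher lists are constructed samples, the name table covers only a few suites, and the function names are hypothetical; the `_P256` suffix on a Schannel name identifies the elliptic curve (NIST P-256) and has no counterpart in the OpenSSL name.

```python
from collections import Counter

# Schannel/IANA name -> OpenSSL name; partial table, only a few suites.
SCHANNEL_TO_OPENSSL = {
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": "ECDHE-RSA-AES128-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": "ECDHE-RSA-AES128-SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA": "AES256-SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": "DES-CBC3-SHA",
    "TLS_RSA_WITH_RC4_128_MD5": "RC4-MD5",
}
CURVES = ("_P256", "_P384", "_P521")  # Schannel appends the ECDHE curve

def parse_ciphers(output):
    """Split colon-separated `openssl ciphers` output, keeping order and repeats."""
    return [name for name in output.strip().split(":") if name]

def duplicates(names):
    """Names that occur more than once in one list."""
    return sorted(n for n, count in Counter(names).items() if count > 1)

def removed(old, new):
    """Names present in the old list but gone from the new one."""
    return sorted(set(old) - set(new))

def split_schannel(name):
    """Return (suite, curve) with the curve suffix stripped; curve is None if absent."""
    for suffix in CURVES:
        if name.endswith(suffix):
            return name[: -len(suffix)], suffix[1:]
    return name, None

def common_suites(client, server):
    """Client-ordered (Schannel name, OpenSSL name) pairs that both sides list."""
    known, pairs = set(server), []
    for full in client:
        mapped = SCHANNEL_TO_OPENSSL.get(split_schannel(full)[0])
        if mapped in known and (full, mapped) not in pairs:
            pairs.append((full, mapped))
    return pairs

# Constructed sample data, not the real output of either server in the thread.
OLD = parse_ciphers("DHE-RSA-AES256-SHA:AES256-SHA:DES-CBC3-SHA:RC4-MD5:RC4-MD5:DES-CBC3-MD5\n")
NEW = parse_ciphers("DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:"
                    "DHE-RSA-AES256-SHA:AES256-SHA:DES-CBC3-SHA:RC4-MD5\n")
CLIENT = ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256",
          "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]

if __name__ == "__main__":
    print("duplicates in old:", duplicates(OLD))
    print("removed in new:  ", removed(OLD, NEW))
    for label, server in (("old", OLD), ("new", NEW)):
        print(label, "common:", [o for _, o in common_suites(CLIENT, server)])
```

To use it on real data, replace the constructed strings with the captured `openssl ciphers` output from each server and the client's own suite list.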

