TLS config check

SW dovecot at bsdpanic.com
Fri Feb 6 21:38:58 UTC 2015


Hi All

First the essentials:

dovecot --version: 2.2.15

/usr/local/etc/dovecot/conf.d/10-ssl.conf:

ssl = required

ssl_cert = </usr/local/openssl/certs/mail.domain.com.chained.dovecot.ecdsa.crt

ssl_key = </usr/local/openssl/certs/mail.domain.com.ecdsa.key

ssl_protocols = !SSLv2 !SSLv3

ssl_cipher_list = HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-RSA-AES256-SHA:+DHE-RSA-AES256-SHA:!AES256-SHA256:!AES256-GCM-SHA384:!CAMELLIA256-SHA:!AES128:!CAMELLIA128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:+AES256-SHA

ssl_prefer_server_ciphers = yes

I would really appreciate it if someone could tell me if my config is 
super secure? I run the following email clients:

K9 on Android 4.4.2
Thunderbird 31.4
Outlook 2010

I'm interested to know if the config I have is secure and that my cipher 
list is acceptable. I'm also keen to hear thoughts on my config in 
respect of Forward Secrecy and the SSLv3/POODLE attack.

Thanks!
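
One way to check the Forward Secrecy question raised above, as an added example that is not part of the original post: expand the posted ssl_cipher_list with the local OpenSSL build (through Python's ssl module) and separate suites with authenticated ephemeral key exchange from the rest. The function names are hypothetical, and the result depends on the OpenSSL version installed, which may differ from the one Dovecot is linked against.

```python
import ssl

# ssl_cipher_list value copied from the 10-ssl.conf quoted in the post.
CIPHER_LIST = (
    "HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:"
    "EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:"
    "ECDHE-RSA-AES256-SHA:+DHE-RSA-AES256-SHA:!AES256-SHA256:!AES256-GCM-SHA384:"
    "!CAMELLIA256-SHA:!AES128:!CAMELLIA128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:"
    "!PSK:!SRP:!DSS:!RC4:!SEED:+AES256-SHA"
)


def expand(cipher_list):
    """Return the suite names, in preference order, that the local OpenSSL
    enables for this cipher string (TLS 1.3 suites are listed regardless)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


def has_forward_secrecy(name):
    """Classify by OpenSSL suite name: ECDHE-*/DHE-* use authenticated
    ephemeral (EC)DH, and TLS_* are TLS 1.3 suites, which are always
    ephemeral. Anything else (for example plain RSA key exchange such as
    AES256-SHA) is reported as lacking forward secrecy."""
    return name.startswith(("ECDHE-", "DHE-", "TLS_"))


def split_by_forward_secrecy(names):
    """Return (forward_secret, not_forward_secret), preserving order."""
    fs = [n for n in names if has_forward_secrecy(n)]
    non_fs = [n for n in names if not has_forward_secrecy(n)]
    return fs, non_fs


if __name__ == "__main__":
    fs, non_fs = split_by_forward_secrecy(expand(CIPHER_LIST))
    print("Forward secrecy (%d):" % len(fs))
    for name in fs:
        print("  " + name)
    print("No forward secrecy (%d):" % len(non_fs))
    for name in non_fs:
        print("  " + name)
```

Whether a suite in the second group can actually be negotiated also depends on the certificate type: RSA key-exchange suites need an RSA key, while the post configures an ECDSA certificate.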




