TLS config check
SW
dovecot at bsdpanic.com
Fri Feb 6 22:13:18 UTC 2015
According to https://cipherli.st/
> ssl = yes
> ssl_cert = </etc/dovecot.cert
> ssl_key = </etc/dovecot.key
> ssl_protocols = !SSLv2 !SSLv3
> ssl_cipher_list = AES128+EECDH:AES128+EDH
> ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6
> Is what you want.
Ok, so I have changed my ssl_cipher_list to:
ssl_cipher_list = AES128+EECDH:AES128+EDH
Before I made this change clients were connecting with the following
cipher in the log file:
ECDHE-ECDSA-AES256-SHA (256/256 bits)
After the change the log now says:
ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
Is this an improvement (or more secure) despite going from 256 bits to
128 bits?
Thanks!
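An added example, not part of the original message: it expands the cipher string quoted above with Python's `ssl` module, so you can see which suites the local OpenSSL build selects, in server preference order, and how they differ beyond key size. The function name `expand` and the output field names are assumptions made for this illustration, and the exact list depends on the installed OpenSSL version.

```python
import ssl

# Cipher string taken from the message above.
CIPHER_LIST = "AES128+EECDH:AES128+EDH"


def expand(cipher_list):
    """Return the TLS <= 1.2 suites the local OpenSSL selects, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing matches
    suites = []
    for c in ctx.get_ciphers():
        # TLS 1.3 suites are configured separately from this string; skip them.
        if c["protocol"] == "TLSv1.3":
            continue
        suites.append({
            "name": c["name"],
            # alg_bits is the symmetric key size of the cipher itself
            "key_bits": c["alg_bits"],
            # AEAD (e.g. GCM) versus a CBC cipher paired with an HMAC
            "aead": bool(c.get("aead", False)),
            # ephemeral (EC)DH key exchange gives forward secrecy
            "forward_secret": c["name"].startswith(("ECDHE-", "DHE-")),
        })
    return suites


if __name__ == "__main__":
    for s in expand(CIPHER_LIST):
        mode = "AEAD" if s["aead"] else "CBC+HMAC"
        print(f'{s["name"]:34} {s["key_bits"]:>3} bits  {mode}')
```
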