Outlook and TLSv.1

Reindl Harald h.reindl at thelounge.net
Sun Jan 18 11:07:52 UTC 2015



Am 16.01.2015 um 12:24 schrieb Oliver Welter:
> after adding TLSv1.2 to my TLS options

how did you do that?

there is no need to add it as long as you did not
intentionally break your configuration before

> a lot of Outlook users complain about connection errors,
> openssl s_client and Thunderbird work fine.

no

> I found some posts about this but none of them had a real solution on
> this - I meanwhile disabled TLSv1.2 which made the Outlook users happy.
>
> I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014
>
> ssl_cert = </var/qmail/control/servercert.pem
> ssl_cipher_list = ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:+RC4:@STRENGTH

!MEDIUM likely is the reason

> ssl_dh_parameters_length = 2048
> ssl_key = </var/qmail/control/servercert.pem
> ssl_protocols = !SSLv2 !TLSv1.2
>
> The certificate is from Comodo using sha256

the config below works with every known Outlook version down to Outlook
2003 on Windows XP in combination with an RSA4096/SHA256 key as well as
with all other reasonable mail clients

ssl_protocols  = !SSLv2 !SSLv3
ssl_prefer_server_ciphers  = yes
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA
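
The effect of the settings quoted in this message can be checked offline with a small model of how a server that prefers its own cipher order picks a protocol and suite. This is an added example, not part of the original post and not Dovecot code; the two client profiles and all function names are constructed assumptions, and client minimum versions are ignored.

```python
# Added example: models suite selection for the settings in the post.
PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]  # oldest to newest

# ssl_cipher_list value from the post, in server preference order
SERVER_LIST = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:"
    "DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:"
    "AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:"
    "DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:"
    "CAMELLIA128-SHA:CAMELLIA256-SHA:"
    "ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA"
).split(":")

# Constructed client profiles (assumptions): (highest protocol, offered suites)
LEGACY_CLIENT = ("TLSv1", {"RC4-MD5", "RC4-SHA", "DES-CBC3-SHA"})
MODERN_CLIENT = ("TLSv1.2", {"ECDHE-RSA-AES256-GCM-SHA384",
                             "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"})

def enabled_protocols(setting):
    """Expand an ssl_protocols value that consists only of '!NAME' exclusions."""
    disabled = {tok[1:] for tok in setting.split() if tok.startswith("!")}
    return [p for p in PROTOCOLS if p not in disabled]

def min_protocol(suite):
    """Suites named ...SHA256/...SHA384 need TLSv1.2; '-SHA' suites work from SSLv3."""
    return "TLSv1.2" if suite.endswith(("SHA256", "SHA384")) else "SSLv3"

def forward_secret(suite):
    """True for ephemeral (EC)DH key exchange, False for plain RSA key exchange."""
    return suite.startswith(("ECDHE-", "DHE-"))

def negotiate(server_list, server_protocols, client_max, client_suites):
    """Highest shared protocol, then the first server-preferred suite the client offers."""
    rank = PROTOCOLS.index
    shared = [p for p in server_protocols if rank(p) <= rank(client_max)]
    if not shared:
        return None
    version = shared[-1]
    for suite in server_list:
        if suite in client_suites and rank(min_protocol(suite)) <= rank(version):
            return version, suite
    return None

if __name__ == "__main__":
    protos = enabled_protocols("!SSLv2 !SSLv3")
    for name, client in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        print(name, negotiate(SERVER_LIST, protos, *client))
```

Under these assumptions the legacy profile only connects because DES-CBC3-SHA is kept as the last entry, while the quoted `ssl_protocols = !SSLv2 !TLSv1.2` expands to a set that still contains SSLv3.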
