Outlook and TLSv.1

Jerry jerry at seibercom.net
Sun Jan 18 11:07:46 UTC 2015


On Sun, 18 Jan 2015 09:45:16 +0100, Robert Schetterer stated:

>Am 16.01.2015 um 12:24 schrieb Oliver Welter:
>> Hi Folks,
>> 
>> after adding TLSv1.2 to by TLS options a lot of Outlook users complaint
>> about connection errors, openssl s_client and Thunderbird works fine.
>> 
>> I found some posts about this but none of them had a real solution on
>> this - I meanwhile disabled TLSv1.2 which made the Outlook users happy.
>> 
>> I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014
>> 
>> ssl_cert = </var/qmail/control/servercert.pem
>> ssl_cipher_list = ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:+RC4:@STRENGTH
>> ssl_dh_parameters_length = 2048
>> ssl_key = </var/qmail/control/servercert.pem
>> ssl_protocols = !SSLv2 !TLSv1.2
>> 
>> The certificate is from Comodo using sha256.
>> 
>> Any idea?
>> 
>> Oliver
>> 
>there is no "Outlook", please do a exact debug what Outlook and Windows
>Version, disable TLSv1.2 is a bad idea, my bet goes on your
>ssl_cipher_list, try this
>
># SSL ciphers to use
>ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
>
>
>or search list archive and www for other better solutions and general
>dovecot ssl configs

I have:
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL
and Outlook 2013 works fine.

-- 
Jerry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150118/059b81bf/attachment.sig>


More information about the dovecot mailing list