Correct settings for "ssl protocols" and "ssl ciphers"

Emmanuel Dreyfus manu at netbsd.org
Tue Jan 17 13:28:41 UTC 2017


On Tue, Jan 17, 2017 at 07:55:15AM -0500, Jerry wrote:
> I have seen different configurations while Googling. I am wondering
> what the consensus is for the best settings for these two items. What
> do the developers recommend?

According to my own reference https://arxiv.org/abs/1407.2168 I use:
ssl_dh_parameters_length = 4096
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL

You may want to disable 3DES nowadays.


-- 
Emmanuel Dreyfus
manu at netbsd.org
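
Added example, not part of the original message: a Python check that asks the local OpenSSL build which suites the posted ssl_cipher_list enables and whether any 3DES suites remain, next to the same string with "!3DES" appended. The helper names are hypothetical, and the output depends on the OpenSSL version Python is linked against.

```python
import ssl

# Cipher strings: the first is the one from the post; the second adds the
# "!3DES" exclusion the post suggests. Both are evaluated by the local OpenSSL.
POSTED = "ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL"
WITHOUT_3DES = POSTED + ":!3DES"


def expand(cipher_list):
    """Return the suites OpenSSL enables for a cipher string, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def is_3des(suite):
    """3DES suites are named *-DES-CBC3-* and described with Enc=3DES(168)."""
    return "DES-CBC3" in suite["name"] or "3DES" in suite["description"]


def triple_des_suites(cipher_list):
    """Names of the 3DES suites a cipher string still leaves enabled."""
    return [s["name"] for s in expand(cipher_list) if is_3des(s)]


def report(cipher_list):
    """Print every enabled suite and flag the 3DES ones."""
    suites = expand(cipher_list)
    print(f"{cipher_list}\n  {len(suites)} suites enabled")
    for s in suites:
        flag = "  <-- 3DES" if is_3des(s) else ""
        print(f"  {s['protocol']:8} {s['name']}{flag}")


if __name__ == "__main__":
    report(POSTED)
    report(WITHOUT_3DES)
```

Many current OpenSSL builds compile 3DES out of the default TLS cipher set, in which case neither report flags anything.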

