openssl question
Ryan Beethe
ryan at splintermail.com
Tue Jan 9 15:43:36 EET 2018
> our dovecot (2.0.9 on redhat) 10-ssl.conf file we have
>
> ssl_cipher_list =
> kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!
> aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES:!SSLv3
>
> settings.
>
> this settings is correct for dovecot ? if they correct , can we say there is
> problem for thunderbird ? :)
I think you should fix your dovecot cipher list using the guidance from
Mozilla's security team:
https://wiki.mozilla.org/Security/Server_Side_TLS
If your server is accessible from the web, you can run this test (it
gives you very helpful advice for configuring your cipherlist):
https://www.htbridge.com/ssl
You can also test your setup with the script from this site (you will
have to download some files but you can run it even if your server is
not connected to the internet).
https://testssl.sh/
Ryan
More information about the dovecot
mailing list