different TLS protocols on different ports

A. Schulze sca at andreasschulze.de
Wed Nov 14 21:46:28 EET 2018

Am 14.11.18 um 20:22 schrieb Aki Tuomi:
> Not possible I'm afraid.

Hello Aki,

is it not possible in 2.2.36 or not possible at all?

I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more modern protocols/ciphers.
IMAPS/SUBMISSIONS aren't used widely (at least to my knowlege, many postmaster used to configure IMAP+SUBMISSION and STARTTLS)
Switching Clients to complete new ports is a chance to separate and dry out legacy MUA's

I just tried this but that's no valid syntax tough:

	service imap-login {
	  inet_listener imap {
	    port = 143
            # using default protocols and ciphers...
	  inet_listener imaps {
	    port = 993
	    ssl_protocols = TLSv1.2 TLSv1.3
            ssl_cipher_list = ...

Postfix let me easily define different TLS protocols on different ports.
For that it would be cool if dovecot could assist on such migrations, too.


*) see https://tools.ietf.org/html/rfc8314
   as well as the draft https://tools.ietf.org/html/draft-lvelvindron-tls-for-email-02 to deprecate TLSv1.1

More information about the dovecot mailing list