different TLS protocols on different ports

A. Schulze sca at andreasschulze.de
Wed Nov 14 21:46:28 EET 2018



On 14.11.18 at 20:22, Aki Tuomi wrote:
> Not possible I'm afraid.

Hello Aki,

is it not possible in 2.2.36 or not possible at all?

I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more modern protocols/ciphers.
IMAPS/SUBMISSIONS aren't used widely (at least to my knowledge, many postmasters used to configure IMAP+SUBMISSION and STARTTLS).
Switching clients to completely new ports is a chance to separate and dry out legacy MUAs.

I just tried this, but that's not valid syntax, though:

	service imap-login {
	  inet_listener imap {
	    port = 143
	    # using default protocols and ciphers...
	  }
	  inet_listener imaps {
	    port = 993
	    ssl_protocols = TLSv1.2 TLSv1.3
	    ssl_cipher_list = ...
	  }
	}


Postfix lets me easily define different TLS protocols on different ports.
For that it would be cool if dovecot could assist on such migrations, too.

Andreas

*) see https://tools.ietf.org/html/rfc8314
   as well as the draft https://tools.ietf.org/html/draft-lvelvindron-tls-for-email-02 to deprecate TLSv1.1
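
Added example, not part of the original message and not Dovecot or Postfix code: a Python check that offers one TLS version at a time to the STARTTLS port (143) and the implicit-TLS port (993), to confirm what each listener actually negotiates once protocols are split per port. The function names and the host name in the usage note are assumptions made for illustration.

```python
import socket
import ssl

# Versions offered one at a time; TLSv1.1 stands for the legacy protocols.
VERSIONS = {"TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2,
            "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def pinned_context(version):
    """Client context that offers exactly one TLS version (probe only)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False               # only the protocol version is
    ctx.verify_mode = ssl.CERT_NONE          # tested, not the certificate
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")   # let OpenSSL offer TLSv1.1 at all
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def _readline(sock):
    """Read one CRLF-terminated line without buffering past it."""
    buf = b""
    while not buf.endswith(b"\n") and (byte := sock.recv(1)):
        buf += byte
    return buf

def accepts(host, port, version, starttls=False, timeout=5.0):
    """True: handshake completed, False: refused or failed, None: unreachable."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    try:
        if starttls:                          # IMAP on 143: upgrade in-band
            _readline(sock)                   # server greeting
            sock.sendall(b"a1 STARTTLS\r\n")
            if not _readline(sock).startswith(b"a1 OK"):
                return False
        with pinned_context(version).wrap_socket(sock, server_hostname=host):
            return True
    except (ssl.SSLError, OSError):
        return False
    finally:
        sock.close()

def report(host, listeners):
    """listeners maps port -> uses STARTTLS; returns {port: {version: result}}."""
    return {port: {name: accepts(host, port, v, starttls)
                   for name, v in VERSIONS.items()}
            for port, starttls in listeners.items()}
```

Calling `report("mail.example.org", {143: True, 993: False})` with your own server name in place of the placeholder returns one True/False/None result per port and version. A False for TLSv1.1 on 993 alongside True on 143 is the split the message asks for.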

