different TLS protocols on different ports
Michael Slusarz
michael.slusarz at open-xchange.com
Wed Nov 14 22:21:26 EET 2018
> On November 14, 2018 at 12:46 PM "A. Schulze" <sca at andreasschulze.de> wrote:
>
> I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more modern protocols/ciphers.
> IMAPS/SUBMISSIONS aren't used widely (at least to my knowledge, many postmasters used to configure IMAP+SUBMISSION and STARTTLS)
"IMAPS" has been used forever. Every installation I can think of supports 993.
Same with submission. 465/587 has been a standard port for a while now.
In fact, these are the only ports someone like a Google will allow you to connect to.
https://support.google.com/mail/answer/7126229?hl=en
> Switching Clients to completely new ports is a chance to separate and dry out legacy MUAs
There is no switch to do. These ports are well-known and well used.
> I just tried this but that's not valid syntax though:
>
> service imap-login {
>   inet_listener imap {
>     port = 143
>     # using default protocols and ciphers...
>   }
>   inet_listener imaps {
>     port = 993
>     ssl_protocols = TLSv1.2 TLSv1.3
>     ssl_cipher_list = ...
>
>   }
> }
>
>
> Postfix let me easily define different TLS protocols on different ports.
> For that it would be cool if dovecot could assist on such migrations, too.
>
> Andreas
>
> *) see https://tools.ietf.org/html/rfc8314
> as well as the draft https://tools.ietf.org/html/draft-lvelvindron-tls-for-email-02 to deprecate TLSv1.1