changing cipher for imap clients
Aki Tuomi
aki.tuomi at open-xchange.com
Mon Oct 28 16:36:04 EET 2019
> On 28/10/2019 16:12 Fourhundred Thecat via dovecot <dovecot at dovecot.org> wrote:
>
>
> When my client connects, I see this in my log:
>
> dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128
> bits)
>
> Whereas, when client connects to my postfix server, I see:
>
> Anonymous TLS connection established from * TLSv1 with cipher
> ECDHE-RSA-AES256-SHA (256/256 bits)
>
> how can I tell dovecot to use AES256, instead of AES128 ?
>
> is this set by ssl_cipher_list ? Here are my current values (defaults)
>
> # doveconf ssl_cipher_list
> ssl_cipher_list =
> ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
>
> # dovecot --version
> 2.3.4.1
>
> thanks,
Perhaps your client does not support it?
Also, you could try the *default* cipher list (unset ssl_cipher_list), which is reasonable. Also make sure you have 'ssl_prefer_server_ciphers=yes', so that the server-side priority list is used.
aki
More information about the dovecot
mailing list