I can no longer use TLS for Windows7 and Outlook
Luuk
luuk34 at gmail.com
Wed Jun 3 09:53:57 EEST 2020
On 31-5-2020 06:36, Mark Constable wrote:
> I currently use Ubuntu 20.04 with Dovecot 2.3.7.2 and OpenSSL 1.1.1f.
>
> A few months ago there was an update to all these systems and since
> then I've had to talk W7 and old Mac clients through disabling ports
> 993/995 with TLS enabled back to ports 143/110 without SSL or they
> could not pick up email. Thunderbird users (ie; me) were unaffected.
>
> Could anyone share a set of port 993/995 SSL settings known to work
> with Windows7 and Outlook16 using "dovecot -n|grep ^ssl_" please ?
>
> Mine is currently...
>
> ssl_ca = </etc/ssl/certs/ca-certificates.crt
> ssl_cert = </etc/ssl/example.com/fullchain.pem
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_options = no_compression no_ticket
> ssl_prefer_server_ciphers = yes
>
> I have commented out ssl_cipher_list, ssl_min_protocol and others to
> get back to whatever the defaults are so I am not simply guessing what
> the optimal settings would be to cover Win7 and up.
>
> Yes I know Win7 is no longer supported but that does not help the 100s
> of older users I have that can't/won't upgrade their computers.
Did you enable TLS1.2 in Windows 7?
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi
(or, not tested on Windows 7: https://www.nartac.com/Products/IISCrypto/ )
More information about the dovecot
mailing list