TLS Security
Stefan Schumacher
s.schumacher at consulting1x1.com
Wed Jul 14 17:55:19 EEST 2021
Hi,
I wish to build a new secure email server. It seems I am on the right way – at least I get no more error messages for Postfix – but Dovecot is still making trouble.
I am using Dovecot 1:2.3.4.1-5+deb10u6 and I am using ISPconfig 3.25 to do the rough configuring and nano and whats left of my brain to do the finer details. Lets start with what I added to conf.d/10-ssl.conf
ssl_cert = </etc/letsencrypt/live/servername/fullchain.pem
ssl_key = </etc/letsencrypt/live/servername/privkey.pem
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aR$
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
ssl_min_protocol = TLSv1.2
As you can see, I clearly do not want to use TLS before v1.2. I think this is not unreasonable in the year 2021.
Now, after the changes I ran Kali (I use it to verify the results of my experiments)
and - this is a mailing list, so no screenshots:
It says:
SSL/TLS Deprecated TLS v1.0 and TLS v1.1 Detection. I get this for the ports 143, 110, 993 and 995.
I thought I had done everything one could to disable old TLS-Versions. What am I doing wrong?
Yours sincerely
Stefan Schumacher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20210714/a03ed7b0/attachment.html>
More information about the dovecot
mailing list