[Dovecot] "Perfect Forward Secrecy" on Redhat/Fedora

Reindl Harald h.reindl at thelounge.net
Wed Oct 16 02:17:46 EEST 2013


RHEL/CentOS 6.5 will support ECDHE
Fedora currently makes the turnaround

no wonder that i burned down many hours:
https://bugzilla.redhat.com/show_bug.cgi?id=1019390
https://bugzilla.redhat.com/show_bug.cgi?id=319901#c108
______________________________

recent dovecot will also support older clients but
prefer best possible encryption for modern ones

ssl_prefer_server_ciphers = yes
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:@STRENGTH
______________________________

the same for Apache:

SSLHonorCipherOrder On
SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

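An added example, not part of the original post: a check of which suites in an expanded cipher list give forward secrecy, and whether any suite without it is ranked above one with it (the order matters because the server's preference is enforced). It reads the output of `openssl ciphers -v '<cipher string>'`; the sample lines are constructed in that format (OpenSSL 1.0.x naming) and the function names are hypothetical.

```python
import re

# Constructed sample in the format `openssl ciphers -v '<cipher string>'` prints;
# replace it with real output from the OpenSSL build the server links against.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ECDH-RSA-RC4-SHA        SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)")

# Kx values for an ephemeral exchange. "ECDH/RSA" or "DH/DSS" mean static (fixed)
# Diffie-Hellman and "RSA" means RSA key transport: neither is forward secret.
EPHEMERAL_KX = {"ECDH", "DH"}


def classify(listing):
    """Return [(suite, kx, forward_secret)] in the listed preference order."""
    result = []
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank lines or anything not in the -v format
        name, _proto, kx, au = m.group(1, 2, 3, 4)
        # Anonymous suites are ephemeral but unauthenticated; do not count them.
        result.append((name, kx, kx in EPHEMERAL_KX and au != "None"))
    return result


def first_non_fs(listing):
    """Position and name of the first suite without forward secrecy, or None."""
    for pos, (name, _kx, fs) in enumerate(classify(listing)):
        if not fs:
            return pos, name
    return None


def ordering_ok(listing):
    """True if no forward-secret suite is ranked below a non-forward-secret one."""
    flags = [fs for _name, _kx, fs in classify(listing)]
    return flags == sorted(flags, reverse=True)


if __name__ == "__main__":
    for name, kx, fs in classify(SAMPLE):
        print(f"{'PFS   ' if fs else 'no-PFS'}  Kx={kx:<9} {name}")
    print("ordering ok:", ordering_ok(SAMPLE))
```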