Secure dovecot TLS and SSL configuration

Settings for /etc/dovecot/conf.d/10-ssl.conf: 

ssl = required
#the .pem file is .crt appended by .ca-bundle
ssl_cert = </home/frank/ssl/my.b-nm.at.pem ssl_key = </home/frank/ssl/my.b-nm.at.key ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 ssl_prefer_server_ciphers = yes ssl_min_protocol = TLSv1.2 ssl_options = no_compression no_ticket

Was this answer helpful?

 Print this Article

Also Read

Decrypting SSL traffic with tshark (private key required)

Sample: #!/bin/bash tshark -f "tcp port 80" -Y 'http.request || http.response' #OR (for...

Check SSL security, installation and configuration

Feel free to use the collection of SSL tools we are providing to check your SSL configuration and...

How can i verify my SSL certification?

Please use the tools from our SSL Tools site which offer you all kinds of SSL checker tools for...

Why SHA-1 based SSL certificates should NOT be used anymore. Revoke old SHA-1 based certificates and get free SHA-2 ones! Here is why ...

All SSL certificates delivered by us are SHA-2 based by default since November 2014. Multiple...

BSI legt Grundstein für Prüfungen gemäß IT-Sicherheitsgesetz

Betreiber kritischer Infrastruktur müssen sich zukünftig regelmäßig prüfen lassen und dabei...