tachtler:dovecot_ssl_tls
Differences
This shows the differences between two versions.
tachtler:dovecot_ssl_tls [2015/07/09 14:26] – [/etc/dovecot/conf.d/10-auth.conf] klaus | tachtler:dovecot_ssl_tls [2015/09/29 14:06] (current) – [/etc/dovecot/conf.d/10-ssl.conf] klaus | ||
Line 258: | Line 258: | ||
# https:// | # https:// | ||
# default: # | # default: # | ||
- | ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256: | + | # original from https:// |
+ | # Tachtler - changed order, to use first ECDHE-RSA-AES256-GCM-SHA384 / ECDHE-ECDSA-AES256-GCM-SHA384! | ||
+ | ssl_cipher_list = ECDHE-RSA-AES256-GCM-SHA384: | ||
... | ... | ||
</ | </ | ||
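Review bot: the reordered ssl_cipher_list in this hunk only has an effect because ssl_prefer_server_ciphers = yes is set further down in the same config; without it the client's preference order would decide. The list is cut off on this page after the first suite, so the full value should be checked to make sure nothing weaker than the ECDHE-GCM suites was left in when the order was changed. The ECDHE-ECDSA-AES256-GCM-SHA384 suite named in the comment can only be selected if an ECDSA certificate is installed; with the RSA key this page uses (the s_client output below reports a 2048-bit server public key) clients will negotiate the ECDHE-RSA variant, and preferring AES-256-GCM over AES-128-GCM is a policy choice rather than a fix, since both are sound.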
Line 327: | Line 330: | ||
< | < | ||
# doveconf -n | # doveconf -n | ||
- | # 2.2.10: / | + | # 2.2.18: / |
- | # OS: Linux 2.6.32-431.5.1.el6.x86_64 x86_64 CentOS release | + | # OS: Linux 3.10.0-229.7.2.el7.x86_64 x86_64 CentOS |
auth_debug = yes | auth_debug = yes | ||
+ | auth_debug_passwords = yes | ||
auth_master_user_separator = * | auth_master_user_separator = * | ||
auth_mechanisms = plain digest-md5 cram-md5 login | auth_mechanisms = plain digest-md5 cram-md5 login | ||
auth_verbose = yes | auth_verbose = yes | ||
- | disable_plaintext_auth | + | listen |
mail_debug = yes | mail_debug = yes | ||
mail_location = maildir: | mail_location = maildir: | ||
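Review bot: auth_debug_passwords = yes, added in this hunk, makes Dovecot write the submitted passwords in cleartext to the auth log; together with auth_debug = yes, auth_verbose = yes and mail_debug = yes it is a troubleshooting setting and should be removed from the production configuration once the TLS setup has been verified. The disable_plaintext_auth line from the left side no longer appears on the right: since doveconf -n prints only settings that differ from their defaults, its absence means the default disable_plaintext_auth = yes is now in effect, which is the correct value given that plain and login are listed in auth_mechanisms.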
Line 376: | Line 380: | ||
} | } | ||
ssl_cert = </ | ssl_cert = </ | ||
- | ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256: | + | ssl_cipher_list = ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256: |
ssl_dh_parameters_length = 2048 | ssl_dh_parameters_length = 2048 | ||
- | ssl_key = </ | + | ssl_key = </ |
ssl_prefer_server_ciphers = yes | ssl_prefer_server_ciphers = yes | ||
- | |||
ssl_protocols = !SSLv2 !SSLv3 | ssl_protocols = !SSLv2 !SSLv3 | ||
userdb { | userdb { | ||
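Review bot: the right-hand doveconf -n output has `ssl_cipher_list = ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:`, which is a paste error (doveconf never emits the key twice), and it still lists the AES128 suite first even though the change at line 258 moves ECDHE-RSA-AES256-GCM-SHA384 to the front. Either this output predates the reorder or it was edited by hand; regenerate it with doveconf -n after the restart so the order shown matches the file. ssl_protocols = !SSLv2 !SSLv3 and ssl_prefer_server_ciphers = yes are unchanged and correct.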
Line 396: | Line 399: | ||
Stopping Dovecot Imap: | Stopping Dovecot Imap: | ||
Starting Dovecot Imap: | Starting Dovecot Imap: | ||
+ | </ | ||
+ | or | ||
+ | < | ||
+ | # systemctl restart dovecot | ||
</ | </ | ||
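Review bot: the systemctl restart dovecot alternative added here is needed because the right-hand doveconf output now reports CentOS 7 (Linux 3.10.0), where the SysV-style Stopping/Starting Dovecot Imap lines above are not printed; a `systemctl status dovecot` check after the restart would let the reader confirm the service actually came back with the new cipher list.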
Line 483: | Line 490: | ||
a2 list "" | a2 list "" | ||
* LIST (\HasChildren) "/" | * LIST (\HasChildren) "/" | ||
- | a2 OK List completed. | + | a2 OK List completed |
a3 logout | a3 logout | ||
* BYE Logging out | * BYE Logging out | ||
Line 525: | Line 532: | ||
# openssl s_client -starttls imap -connect 192.168.0.80: | # openssl s_client -starttls imap -connect 192.168.0.80: | ||
CONNECTED(00000003) | CONNECTED(00000003) | ||
- | depth=2 O = Root CA, OU = http:// | + | depth=2 O = Root CA, OU = http:// |
- | support@cacert.org | + | |
verify error: | verify error: | ||
verify return:0 | verify return:0 | ||
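Review bot: the verify error at depth=2 (the CAcert root, O = Root CA) followed by verify return:0 means s_client could not build a trusted chain because that root is not in the system trust store; the handshake still completes, so this test shows that STARTTLS works but not that the certificate validates. Add `-CAfile <cacert-root.crt>` to the openssl s_client command above, pointing at the CAcert root certificate (path is a placeholder), and the run should end with Verify return code: 0 (ok).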
Line 572: | Line 578: | ||
--- | --- | ||
No client certificate CA names sent | No client certificate CA names sent | ||
+ | Server Temp Key: ECDH, prime256v1, 256 bits | ||
--- | --- | ||
- | SSL handshake has read 6246 bytes and written | + | SSL handshake has read 6060 bytes and written |
--- | --- | ||
- | New, TLSv1/ | + | New, TLSv1/ |
Server public key is 2048 bit | Server public key is 2048 bit | ||
Secure Renegotiation IS supported | Secure Renegotiation IS supported | ||
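Review bot: the new `Server Temp Key: ECDH, prime256v1, 256 bits` line is the useful confirmation in this hunk: it shows an ephemeral ECDH exchange over P-256, i.e. one of the ECDHE suites was negotiated and the session has forward secrecy. It also means ssl_dh_parameters_length = 2048 from the doveconf output plays no part in this connection, since those parameters only serve DHE suites. The suite name on the `New, TLSv1/` line is cut off on this page, so the exact cipher cannot be checked against the new order from line 258.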
Line 582: | Line 589: | ||
SSL-Session: | SSL-Session: | ||
Protocol | Protocol | ||
- | Cipher | + | Cipher |
- | Session-ID: | + | Session-ID: |
- | Session-ID-ctx: | + | Session-ID-ctx: |
- | Master-Key: | + | Master-Key: |
Key-Arg | Key-Arg | ||
Krb5 Principal: None | Krb5 Principal: None | ||
Line 592: | Line 599: | ||
TLS session ticket lifetime hint: 300 (seconds) | TLS session ticket lifetime hint: 300 (seconds) | ||
TLS session ticket: | TLS session ticket: | ||
- | 0000 - a7 62 3d 5a dd c0 6f bb-a7 bb 36 1a 64 92 c7 b8 .bXZ..o...6.d... | + | 0000 - 51 bf 00 ed 77 92 bf 24-67 b1 a6 7f 45 76 ff 65 |
- | 0010 - 29 e2 1f fa 71 83 c9 a6-f2 6d d0 24 79 a1 09 7a | + | 0010 - ef e3 dd 3d 35 db ff fd-eb fa f4 76 84 0e e7 9c ...=5......v.... |
- | 0020 - 1e 7a b7 d3 a1 4a 29 2c-a8 06 7e 6b 46 75 9b ee .z...B),..~kFu.. | + | 0020 - 0c 8a 65 50 b8 de d6 95-32 e9 4e 8c 3c 9a a4 b3 ..eP....2.N.<... |
- | 0030 - 3a 6a 94 dc fa 53 88 70-05 89 13 e0 75 f1 ee a1 | + | 0030 - 5f 83 d4 25 c4 d2 05 c7-1d 14 54 ac 75 8c 90 b7 |
- | 0040 - 8f 89 2e 8e 85 53 22 d8-23 fa 47 c0 d8 29 d7 87 .....S" | + | 0040 - 48 42 4d 79 52 bc 64 dc-55 54 43 59 3e 7b cf d9 |
- | 0050 - fa 7b c1 d1 52 ac 28 50-0a a3 a0 2a 15 94 0a 7d .{..R.(P.a.*...} | + | 0050 - 3c 8e ae c1 c2 33 9d 27-48 7d af 84 8d fc 0b c2 |
- | 0060 - 95 65 24 11 a7 4a 15 05-71 99 8a 3a 36 11 e8 a4 .e$..J..v..:6... | + | 0060 - a6 4e 7c 2e ec b4 9f 18-95 dc 64 8b 23 de d9 10 .N|.......d.#... |
- | 0070 - 03 19 1a ac 21 38 7b 46-ee dd 13 bd cb 2d d5 a4 ....!2{F..C..-.. | + | 0070 - 40 2e 04 9f 02 ce 3b 61-d4 6d 31 63 33 5e 9f 9c |
- | 0080 - f2 3a fa a3 c9 fe e5 63-ec e4 b4 00 01 c3 60 57 .:..3..c...d..`W | + | 0080 - 65 e4 73 7e b6 26 13 2c-ee 4c b6 e1 2d d4 75 45 |
- | 0090 - a9 af 9e 23 51 eb 31 be-9d 2e 52 7a b7 35 1d 3d ...#A.1.4.R1.5.= | + | 0090 - f3 cd 5d 09 af 44 cb e6-7f ad 19 84 76 58 73 f5 ..]..D......vXs. |
- | Start Time: 1397162463 | + | Start Time: 1436445698 |
Timeout | Timeout | ||
Verify return code: 19 (self signed certificate in certificate chain) | Verify return code: 19 (self signed certificate in certificate chain) |
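Review bot: the TLS session ticket dump and the Master-Key in the hunk above are per-session secrets; with a 300-second ticket lifetime hint they are long expired by the time anyone reads the page, but publishing them is still poor practice and they should be redacted. Verify return code: 19 (self signed certificate in certificate chain) is identical in both revisions and again reflects the untrusted CAcert root on the client side rather than a Dovecot misconfiguration; the check worth adding is the -CAfile run that returns code 0.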
tachtler/dovecot_ssl_tls.1436444764.txt.gz · Last modified: 2015/07/09 14:26 by klaus