/etc/dovecot/conf.d/10-ssl.conf 配置文件中。 查看配置文件,可以看到关于该设置:ssl_cipher_list 的可选项说明。该设置可以直接给出允许使用和不允许使用的加密算法的清单,也可以直接按操作系统的设置,也就是 PROFILE=SYSTEM 这一项。 于是去比对其他厂商发行版的 Dovecot 配置即10-ssl.conf,发现全都是一样的...
LOW@STRENGTH+ssl_cipher_list = EECDH+AES:EDH+AES+aRSA# Colon separated list of elliptic curves to use. Empty value (the default) # means use the defaults from the SSL library. P-521:P-384:P-256 would be an@@ -72,6 +87,7 @@# Prefer the server's order of ciphers over client'...
ssl = required ssl_cert = </etc/pki/tls/certs/cert.pem # 证书文件位置,需要修改 ssl_key = </etc/pki/tls/private/key.pem # 证书私钥文件位置,需要修改 ssl_protocols = TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3 ssl_cipher_list = ALL:!MD5:!DES:!ADH:!RC4:!PSD:!SRP:!3DES:!eNULL:!a...
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL 第四步:启用邮件过滤器 Dovecot提供了内置的邮件过滤器,可以让您轻松地过滤和管理您的邮件。以下是启用邮件过滤器的Dovecot配置: 1. mail_plugins:这个配置项用于指定所使用的插件。 mail_plugins = $mail_plugins sieve 2. plugin:这个配置项用于指定每个插件...
ssl_cipher_list = ALL:!LOW SSL ciphers to use verbose_ssl = no Show protocol level SSL errors. Login processes login_dir = /var/run/dovecot/login Directory where authentication process places authentication UNIX sockets which login needs to be able to connect to. The sockets are created when...
ssl_protocols = !SSLv2 !SSLv3 # SSL ciphers to use. See: # https://weakdh.org/sysadmin.html # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl_cipher_list = ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!
ssl_prefer_server_ciphers = yes –on Postfix (/etc/postfix/main.cf) tls_preempt_cipherlist = yes How to check SSL installation OpenSSL The OpenSSL toolkit helps to check the SSL certificate installation on a server both remotely and locally. ...
node['dovecot']['conf']['ssl_dh'] nil DH parameters file to use (Dovecot >= 2.3). node['dovecot']['conf']['ssl_min_protocol'] nil Minimum SSL protocol version to use (Dovecot >= 2.3). node['dovecot']['conf']['ssl_cipher_list'] nil SSL ciphers to use. node['dovecot']['...
ssl_certificate_key /etc/pki/tls/private/postfixadmin.yourfqdn.com.key; ssl_protocols TLSv1.2; ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4"; ssl_prefer_server_ciphers on; ...
Generating SSL certificates We will also need a certificate to enable SSL communication. We will useopensslto generate a self-signed certificate. First issue the following command to generate a private key: openssl genrsa -out domain.key 1024 ...