Planet
navi homePPSaboutscreenshotsdownloaddevelopmentforum

Opened 9 years ago

Closed 9 years ago

#487 closed task (fixed)

Increase mailserver SSL rating

Reported by: landauf Owned by: landauf
Priority: minor Milestone: IT: Server Setup
Component: IT Version:
Keywords: Cc:
Referenced By: References:

Description

e.g. here:

Change History (1)

comment:1 Changed 9 years ago by landauf

  • Resolution set to fixed
  • Status changed from new to closed

In /etc/dovecot/conf.d/10-ssl.conf define the following settings: 

ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = xxx [copy ciphers from apache config]
ssl_prefer_server_ciphers = yes

In /etc/postfix/main.cf define the following settings: 

# Deny some TLS-Protocols
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3

# Deny some TLS-Ciphers
smtpd_tls_exclude_ciphers =
        EXP
        EDH-RSA-DES-CBC-SHA
        ADH-DES-CBC-SHA
        DES-CBC-SHA
        SEED-SHA
        RC4 [<-- add this]
Note: See TracTickets for help on using tickets.