Oliver Mihatsch writes:
Hi, I would like to reconfigure my courier-imap to use only TLS for secure connections. Currently I'm defining the following constant in the imapd-ssl configuration file:

TLS_PROTOCOL="TLS1_2:TLS1_1:TLS1"

TLS1 is working fine but when I'm trying to connect using TLS1.1 or TLS1.2, the server rejects it:

openssl s_client -connect myServer:993 -tls1_2
"Secure Renegotiation IS NOT supported"

When I unset the TLS_PROTOCOL variable, SSLv3, TLS1.0, TLS1.1 and TLS1.2 are working. Any ideas how I can fix this? Perhaps the constants TLS1_2 and TLS1_1 are not recognized?

It's an OpenSSL configuration quirk. In order for protocol negotiation to take place, SSLv3 must be included.
The trick is to enable SSLv3 but to disable all SSLv3 ciphers via TLS_CIPHER_LIST.
The default setting is

TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"

So, just remove SSLv3.
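
Added example, not part of the original thread and not Courier's own code: one way to apply the "remove SSLv3 from TLS_CIPHER_LIST" edit to the text of an imapd-ssl file, keeping the @STRENGTH suffix and covering the case where the setting is still commented out and the default quoted above is in effect. The function names and the sample file content are constructed for illustration, only colon-separated lists are handled, and TLS_PROTOCOL is left untouched.

```python
import re

# Default quoted in the reply above; used when the file has no active setting.
DEFAULT_CIPHER_LIST = "SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"

# Active (uncommented) assignment, with or without surrounding quotes.
ASSIGN = re.compile(r'^\s*TLS_CIPHER_LIST=(["\']?)(.*?)\1\s*$')


def drop_sslv3(cipher_list):
    """Remove the bare SSLv3 keyword; keep order and any @STRENGTH suffix.

    Exclusions such as !SSLv3 are different tokens and are kept.
    """
    body, at, suffix = cipher_list.partition("@")
    kept = [tok for tok in body.split(":") if tok and tok != "SSLv3"]
    return ":".join(kept) + at + suffix


def rewrite_config(text):
    """Return config text whose active TLS_CIPHER_LIST has no SSLv3 keyword."""
    out, seen = [], False
    for line in text.splitlines():
        match = ASSIGN.match(line)
        if match:
            seen = True
            line = 'TLS_CIPHER_LIST="%s"' % drop_sslv3(match.group(2))
        out.append(line)
    if not seen:
        # Setting absent or commented out: make the edited default explicit.
        out.append('TLS_CIPHER_LIST="%s"' % drop_sslv3(DEFAULT_CIPHER_LIST))
    return "\n".join(out) + "\n"


# Constructed sample content, not a real imapd-ssl file.
SAMPLE = (
    "# constructed sample\n"
    'TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"\n'
)

if __name__ == "__main__":
    print(rewrite_config(SAMPLE), end="")
```

After writing the result back and restarting the server, the openssl s_client command from the question can be repeated to confirm which protocol versions are accepted.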