Sam Varshavchik writes:

Gerald Hopf writes:

default. If even the official courier-mta.org MX server doesn't have
this correctly enabled, I somehow doubt anyone else does... And somehow
dovecot/postfix seem to manage to have this as default without
generating special DH parameter files?

It's two opposite philosophies. You can either try to do everything automatically and by default. But, if the default rules don't work for someone, there's little they can do.

Or, provide a knob for every setting, putting you in charge and full control of everything. You have more work to do, but you have more flexibility.

I don't know offhand why you cannot get the ciphers you want. All the moving pieces should be in place. The DH parameters should get loaded, if they exist. I'll try to do some tinkering later, myself.

Ok, here's exactly what I mean. In your esmtpd-ssl, imapd-ssl, or pop3-ssl configuration file, set the TLS_DHCERTFILE setting to the file that has your DH parameters, in PEM format. It can be the same file as the TLS_CERTFILE.

Results:

Version: TLSv1/SSLv3
Bits: 256
Cipher: DHE-RSA-AES256-SHA


_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
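
A structural check for the TLS_DHCERTFILE setting described in the message above, as an added example that is not part of the original post and not Courier's own code. It assumes the *-ssl configuration files are plain KEY=value lines and that the DH parameters carry the PEM label written by `openssl dhparam`; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Courier's own code). Assumes the *-ssl config files
# are plain KEY=value lines and that DH parameters carry the PEM label
# written by `openssl dhparam`.

# conf_get KEY FILE: print the last uncommented value of KEY.
conf_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# check_dh_config FILE: print a status word; return 0 only for "ok".
check_dh_config() {
    dhfile=$(conf_get TLS_DHCERTFILE "$1")
    [ -n "$dhfile" ] || { echo "unset"; return 1; }
    [ -r "$dhfile" ] || { echo "unreadable"; return 1; }
    # A PEM file holding only a certificate and key has no such block.
    grep -q -e '-----BEGIN DH PARAMETERS-----' "$dhfile" ||
        { echo "no-dh-params"; return 1; }
    grep -q -e '-----END DH PARAMETERS-----' "$dhfile" ||
        { echo "truncated"; return 1; }
    echo "ok"
}

# make_samples DIR: write constructed sample files (placeholder PEM bodies,
# not real key material) for the three cases below.
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/cert-only.pem"
    cat "$1/cert-only.pem" > "$1/combined.pem"
    printf '%s\n' '-----BEGIN DH PARAMETERS-----' 'Q09OU1RSVUNURUQ=' \
        '-----END DH PARAMETERS-----' >> "$1/combined.pem"
    # Same file for both settings, as the message says is allowed.
    printf '%s\n' "TLS_CERTFILE=$1/combined.pem" \
        "TLS_DHCERTFILE=$1/combined.pem" > "$1/good.conf"
    printf '%s\n' "TLS_CERTFILE=$1/cert-only.pem" \
        "TLS_DHCERTFILE=$1/cert-only.pem" > "$1/nodh.conf"
    printf '%s\n' "TLS_CERTFILE=$1/cert-only.pem" \
        "#TLS_DHCERTFILE=$1/combined.pem" > "$1/unset.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for c in good nodh unset; do
    printf '%s: %s\n' "$c" "$(check_dh_config "$tmp/$c.conf" || true)"
done
rm -rf "$tmp"
```

This only confirms that a DH PARAMETERS block is present in the configured file; `openssl dhparam -in FILE -check -noout` validates the parameters themselves.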