Hello!

I am into setting up Courier's SSL properly = securely.

Courier MTA v0.75.0

Intermediate settings from
https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.18&openssl=1.0.2d&hsts=yes&profile=intermediate

I told esmtpd-ssl to listen on the HTTPS port:

https://www.ssllabs.com/ssltest/analyze.html?d=09874751-cb3a-4d39-b10f-3993b1da964e.pub.cloud.scaleway.com&hideResults=on
(self-signed weak cert, but don't care)

Q1
"Cipher Suites (sorted by strength as the server has no preference;"

Could you please help achieve server order as in Apache SSLHonorCipherOrder?

Q2
I've set
TLS_CACHEFILE=/var/lib/courier/ssl_cache
TLS_CACHESIZE=524288
but still "Session resumption (caching) -> No (IDs assigned but not accepted)"

Could you help?
Please document TLS_CACHEFILE and TLS_CACHESIZE, as they are necessary
to reach Qualys A+.

Q3
"OCSP stapling -> No"
Would it be possible to enable it?

Thank you very much!


SZÉPE Viktor
-- 
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület





_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
