SZÉPE Viktor writes:
Q1 "Cipher Suites (sorted by strength as the server has no preference;" Could you please help achieve server order as in Apache SSLHonorCipherOrder?
I cannot locate a similar option in GnuTLS's API. OpenSSL's documentation has a reputation for being rather scant, terse, and somewhat difficult to work with.
Perhaps one way would be to grab Apache's source, and see what this option does. I don't have the time to do this at this time. I'm open to accepting patches to implement this kind of a configuration setting, for either the OpenSSL or the GnuTLS flavor.
Q2 I've set TLS_CACHEFILE=/var/lib/courier/ssl_cache TLS_CACHESIZE=524288 but still "Session resumption (caching) -> No (IDs assigned but not accepted)"
These options do exist in the imapd-ssl and pop3d-ssl configuration file. They're missing in esmtpd-ssl, and I'll add them. Besides the existing documentation in imapd-ssl and pop3d-ssl, there's nothing else to document.
Could you help? Please document TLS_CACHEFILE and TLS_CACHESIZE as they are necessary to reach Qualys A+
Q3 "OCSP stapling -> No" Would it be possible to enable it?
Again, this all depends on the availability of the API documentation in the underlying OpenSSL and GnuTLS libraries; and available time. Patches welcome.
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users