SZÉPE Viktor writes:

Q1
"Cipher Suites (sorted by strength as the server has no preference;"

Could you please help achieve server order as in Apache SSLHonorCipherOrder?

I cannot locate a similar option in GnuTLS's API. OpenSSL's documentation has a reputation for being rather scant, terse, and somewhat difficult to work with.

Perhaps one way would be to grab Apache's source, and see what this option does. I don't have the time to do this at this time. I'm open to accepting patches to implement this kind of a configuration setting, for either the OpenSSL or the GnuTLS flavor.

Q2
I've set
TLS_CACHEFILE=/var/lib/courier/ssl_cache
TLS_CACHESIZE=524288
but still "Session resumption (caching) -> No (IDs assigned but not accepted)"

These options do exist in the imapd-ssl and pop3d-ssl configuration files. They're missing in esmtpd-ssl, and I'll add them. Besides the existing documentation in imapd-ssl and pop3d-ssl, there's nothing else to document.


Could you help?
Please document TLS_CACHEFILE and TLS_CACHESIZE as they are necessary
to reach Qualys A+

Q3
"OCSP stapling -> No"
Would it be possible to enable it?

Again, this all depends on the availability of the API documentation in the underlying OpenSSL and GnuTLS libraries; and available time. Patches welcome.


_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net