Hi All,

On 19.01.2015 at 22:55, Darren Pilgrim wrote:
> On 1/18/2015 12:45 AM, Robert Schetterer wrote:
>> On 16.01.2015 at 12:24, Oliver Welter wrote:
>>> Hi Folks,
>>>
>>> after adding TLSv1.2 to my TLS options a lot of Outlook users complained
>>> about connection errors, openssl s_client and Thunderbird work fine.
>>>
>>> I found some posts about this but none of them had a real solution on
>>> this - I meanwhile disabled TLSv1.2 which made the Outlook users happy.
>>>
>>> I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014
>>>
>>> ssl_cert = </var/qmail/control/servercert.pem
>>> ssl_cipher_list = ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:+RC4:@STRENGTH
>>> ssl_dh_parameters_length = 2048
>>> ssl_key = </var/qmail/control/servercert.pem
>>> ssl_protocols = !SSLv2 !TLSv1.2
>>>
>>> The certificate is from Comodo using sha256.
>>>

I was not able to track it down exactly but it looks like the problem was a sha1 signed certificate in the chain. After exchanging that with the matching 384bit one, the problems are gone.

Oliver

-- 
Protect your environment - close windows and adopt a penguin!
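
One way to find which certificate in a PEM bundle (such as the file given to `ssl_cert`) carries a SHA-1 signature, as an added example that is not part of the original post. `SAMPLE_CHAIN` is a constructed skeleton (empty tbsCertificate, real AlgorithmIdentifier) and all function names are hypothetical.

```python
import base64
import re

# Signature-algorithm OIDs of interest (RSA and ECDSA variants).
SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def oid_to_str(raw):
    """Decode DER OID content bytes into dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the end of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def chain_sig_algs(pem_text):
    """Signature algorithm of every certificate in the bundle, in file order."""
    algs = []
    for match in PEM_RE.finditer(pem_text):
        der = base64.b64decode(match.group(1))
        _, cert_start, _ = tlv(der, 0)               # Certificate SEQUENCE
        _, _, tbs_end = tlv(der, cert_start)         # skip tbsCertificate
        _, alg_start, _ = tlv(der, tbs_end)          # signatureAlgorithm SEQUENCE
        _, oid_start, oid_end = tlv(der, alg_start)  # algorithm OID
        oid = oid_to_str(der[oid_start:oid_end])
        algs.append(SIG_OIDS.get(oid, oid))
    return algs

def sha1_signed(pem_text):
    """(index, algorithm) for each certificate signed with SHA-1."""
    return [(i, a) for i, a in enumerate(chain_sig_algs(pem_text)) if "sha1" in a.lower()]

def _skeleton(last_arc):  # constructed sample, not a real certificate
    alg = bytes.fromhex("06092a864886f70d0101") + bytes([last_arc]) + b"\x05\x00"
    body = b"\x30\x00\x30" + bytes([len(alg)]) + alg + b"\x03\x01\x00"
    b64 = base64.b64encode(b"\x30" + bytes([len(body)]) + body).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"

SAMPLE_CHAIN = _skeleton(0x0B) + _skeleton(0x05)  # sha256 leaf, sha1 intermediate
```

To check a real bundle, pass the text of the PEM file to `sha1_signed()`; index 0 is the first certificate in the file.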
