Re: different TLS protocols on different ports

2018-11-14 Thread Joseph Tam
Michael A. Peters wrote:
> Couldn't you run two different instances (with 2 separate run-time
> directories), each listening on a different port with their own SSL
> configuration??? Or would it clash somewhere?
>
> If only a single running instance of dovecot is required, I guess you
>

Re: different TLS protocols on different ports

2018-11-14 Thread Noel
On 11/14/2018 4:08 PM, Michael A. Peters wrote:
> Honestly that violates the concept of KISS.
>
> Given that TLS 1.2 is now a decade old, do you really need to
> still allow clients not capable of TLS 1.0/1.1 ???
>
> I still do but only allow cipher suites with Forward Secrecy.
>
> I don't run

Re: different TLS protocols on different ports

2018-11-14 Thread Michael A. Peters
On 11/14/2018 01:46 PM, Joseph Tam wrote: On Wed, 14 Nov 2018, Aki Tuomi wrote: I'm providing IMAP+Starttls on port 143 for users with legacy MUA.  So I've to enable TLS1.0 up to TLS1.3 For IMAPS / port 993 I like to enable TLS1.2 and TLS1.3 only. Is this possible with dovecot-2.2.36 / how to

Re: different TLS protocols on different ports

2018-11-14 Thread A. Schulze
On 14.11.18 at 22:46, Joseph Tam wrote:
> Couldn't you run two different instances

that is the idea: Yes, I can run multiple instances... Thanks!

Re: different TLS protocols on different ports

2018-11-14 Thread Joseph Tam
On Wed, 14 Nov 2018, Aki Tuomi wrote: I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So I've to enable TLS1.0 up to TLS1.3 For IMAPS / port 993 I like to enable TLS1.2 and TLS1.3 only. Is this possible with dovecot-2.2.36 / how to setup this? Not possible I'm afraid.

Re: different TLS protocols on different ports

2018-11-14 Thread A. Schulze
On 14.11.18 at 21:21, Michael Slusarz wrote:
> These ports are well-known and well used.

OK, to be clear: they're not in /my/ networks :-)

Re: different TLS protocols on different ports

2018-11-14 Thread Michael Slusarz
> On November 14, 2018 at 12:46 PM "A. Schulze" wrote:
>
> I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more
> modern protocols/ciphers.
> IMAPS/SUBMISSIONS aren't used widely (at least to my knowledge, many
> postmaster used to configure IMAP+SUBMISSION and STARTTLS)

Re: different TLS protocols on different ports

2018-11-14 Thread A. Schulze
On 14.11.18 at 20:22, Aki Tuomi wrote:
> Not possible I'm afraid.

Hello Aki, is it not possible in 2.2.36 or not possible at all? I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more modern protocols/ciphers. IMAPS/SUBMISSIONS aren't used widely (at least to my

Re: different TLS protocols on different ports

2018-11-14 Thread Aki Tuomi
On 14 November 2018 at 21:19 "A. Schulze" <s...@andreasschulze.de> wrote: Hello, I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So I've to enable TLS1.0 up to TLS1.3 For