Hi Benoit,

Of course, I will do that today.

My next challenge is to find out how to enable OCSP stapling... something I'd never heard of until 25 minutes ago... I will post if I find a solution.

Matt

On Tue, 12 Mar 2019 at 10:48, Benoit Tellier <btell...@linagora.com> wrote:

> That looks VERY interesting and not documented.
>
> I believe that your valuable experience deserves to be recorded on our
> documentation website.
>
> Do you think you can find the time to edit
> https://github.com/apache/james-project/blob/master/src/site/xdoc/server/config-ssl-tls.xml ?
>
> The corresponding website page is
> https://james.apache.org/server/config-ssl-tls.html
>
> That would be lovely
>
> Best regards,
>
> Benoit Tellier
>
> On 12/03/2019 17:42, Matt Pryor wrote:
> > Please disregard this question, after some more digging I found out it was
> > the /jre/lib/security/java.security file that I needed to edit:
> >
> > jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, *DH keySize < 2048*, \
> > EC keySize < 224, 3DES_EDE_CBC, anon, NULL,* SSLv2Hello, SSLv3, TLSv1, TLSv1.1*
> >
> > Thanks
> > Matt
> >
> > On Tue, 12 Mar 2019 at 10:15, Matt Pryor <pr...@international-presence.com> wrote:
> >
> >> Hi there
> >>
> >> I was wondering if anyone can point me in the right direction in order to
> >> disable TLS1.0 for STARTTLS?
> >>
> >> I tried adding the following line to the wrapper.conf but it doesn't seem
> >> to make any difference:
> >>
> >> wrapper.java.additional.15=-Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1.3
> >>
> >> Also, when running the diagnostic tool at https://www.htbridge.com/ssl/
> >> it complained that the diffie-hellman parameter is too weak (only 1024
> >> bytes). Does anyone know how to change this?
> >>
> >> Thanks for any tips.
> >>
> >> Matt
> >>
> >> --
> >> Matt Pryor
> >> Software Developer
> >>
> >> The International Presence Group of Companies
> >> EMAIL: pr...@presencebpm.com
> >> URL: www.International-presence.com

--
Matt Pryor
Software Developer

The International Presence Group of Companies
EMAIL: pr...@presencebpm.com
URL: www.International-presence.com
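
An added example, not part of the thread and not James code: a small Python check that reads `jdk.tls.disabledAlgorithms` from a `java.security`-style file, joins the backslash continuation, and reports whether SSLv3, TLSv1 and TLSv1.1 are disabled and whether DH keys below 2048 bits are rejected. The sample fragment, function names and thresholds table are constructed for illustration; treating the asterisks in the quoted line as the mail's emphasis markers rather than property syntax is an assumption, so the check flags them.

```python
import re

KEY = "jdk.tls.disabledAlgorithms"
LEGACY_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1")
MIN_DH_BITS = 2048  # the DH threshold used in the thread

# Constructed sample in the style of the quoted line, without the asterisks.
SAMPLE = r"""
# constructed java.security fragment
jdk.certpath.disabledAlgorithms=MD2, MD5
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 2048, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL, SSLv2Hello, TLSv1, TLSv1.1
"""

def read_property(text, key):
    """Return the last value set for key, joining backslash-continued lines."""
    value, buf, continuing = None, "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not continuing and (not line or line[0] in "#!"):
            continue  # blank line or comment outside a continuation
        continuing = line.endswith("\\")
        buf += line[:-1] if continuing else line
        if continuing:
            continue
        name, sep, val = buf.partition("=")
        buf = ""
        if sep and name.strip() == key:
            value = val.strip()  # a later assignment overrides an earlier one
    return value

def audit(value):
    """Return findings for a jdk.tls.disabledAlgorithms value; [] means OK."""
    if value is None:
        return [f"{KEY} is not set"]
    entries = [e.strip() for e in value.split(",") if e.strip()]
    findings = [f"{p} is not disabled" for p in LEGACY_PROTOCOLS if p not in entries]
    # "DH keySize < N" rejects keys below N bits; "<= N" rejects keys up to N.
    floors = [int(m.group(2)) + (m.group(1) == "<=")
              for m in (re.fullmatch(r"DH\s+keySize\s*(<=?)\s*(\d+)", e) for e in entries) if m]
    if max(floors, default=0) < MIN_DH_BITS:
        findings.append(f"DH keys below {MIN_DH_BITS} bits are still permitted")
    findings += [f"stray '*' in entry {e!r}" for e in entries if "*" in e]
    return findings

if __name__ == "__main__":
    print(audit(read_property(SAMPLE, KEY)) or "OK")
```

Run it against the `java.security` file of the JRE that actually starts James, since the thread's fix only takes effect in that installation.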