...

Code Block
# cd /path/
# cat bknaus.de.crt sub.class1.server.sha2.ca.pem > bknaus.de.bundle.crt

# vi /etc/dovecot/dovecot.conf

ssl = yes
ssl_cert_file = /path/bknaus.de.bundle.crt
ssl_key_file = /path/bknaus.de.key
ssl_ca_file = /path/ca.pem
ssl_verify_client_cert = yes
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = -ALL:AES:DES-CBC3-SHA:DES-CBC3-MD5:ADH-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA
verbose_ssl = yes

# /etc/init.d/dovecot restart
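Review bot: The `ssl_cipher_list` line admits unauthenticated key exchange: it names `ADH-DES-CBC3-SHA` explicitly, and the `AES` keyword also matches the anonymous-DH AES suites unless `!aNULL` is present, so a session can be negotiated without the server certificate ever being checked. Every other entry is 3DES, a 64-bit block cipher that should be dropped where the clients allow it. I would replace the list with something like `ssl_cipher_list = HIGH:!aNULL:!eNULL:!MD5:!3DES` and confirm the resulting suites with `openssl ciphers -v`. `verbose_ssl = yes` looks like a debugging setting and is worth turning off once the setup is verified, and the file named in `ssl_key_file` should be readable by root only.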

Qmail

Warning

Wenn man SSLv3 in Qmail ausschließt, wird automatisch auch TLS deaktiviert! Bei Qmail muss auf einen Patch gewartet werden.

Code Block
# cd /path/
# cat bknaus.de.key bknaus.de.crt sub.class1.server.sha2.ca.pem > bknaus.de.pem
# openssl gendh >> bknaus.de.pem
# mv /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem_back
# cp bknaus.de.pem /var/qmail/control/servercert.pem
# vi /var/qmail/control/tlsserverciphers
HIGH:!MD5:!aNULL:!EDH:-!SSLv2:!SSLv3
# vi /var/qmail/control/tlsclientciphers
HIGH:!MD5:!aNULL:!EDH:-!SSLv2:!SSLv3
# /etc/init.d/svscan restart
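Review bot: `bknaus.de.pem` contains the private key, but `cat … >` creates it with the default umask and `cp` carries that mode into `/var/qmail/control/servercert.pem`, so the key is likely world-readable; run `umask 077` before the `cat` and restrict the installed file to the account that runs qmail-smtpd (owner and mode depend on the local install). `openssl gendh` is called without a size, and as far as I know its default is 512 bits, which is too small for DH parameters; give an explicit size, for example `openssl dhparam 2048 >> bknaus.de.pem` (with `!EDH` in the list they are currently unused). In both cipher files the token `-!SSLv2` combines two operators and looks malformed, possibly an artefact of the version comparison, so the string should be checked with `openssl ciphers -v '<string>'`. Note also that `!SSLv3` in an OpenSSL cipher string removes cipher suites rather than the protocol, and the TLS 1.0/1.1 suites are the SSLv3 ones, which matches the warning above this block about TLS being switched off.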

...