On Sun, 18 Jan 2015 09:45:16 +0100, Robert Schetterer stated: >Am 16.01.2015 um 12:24 schrieb Oliver Welter: >> Hi Folks, >> >> after adding TLSv1.2 to by TLS options a lot of Outlook users complaint >> about connection errors, openssl s_client and Thunderbird works fine. >> >> I found some posts about this but none of them had a real solution on >> this - I meanwhile disabled TLSv1.2 which made the Outlook users happy. >> >> I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014 >> >> ssl_cert = </var/qmail/control/servercert.pem >> ssl_cipher_list = ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:+RC4:@STRENGTH >> ssl_dh_parameters_length = 2048 >> ssl_key = </var/qmail/control/servercert.pem >> ssl_protocols = !SSLv2 !TLSv1.2 >> >> The certificate is from Comodo using sha256. >> >> Any idea? >> >> Oliver >> >there is no "Outlook", please do a exact debug what Outlook and Windows >Version, disable TLSv1.2 is a bad idea, my bet goes on your >ssl_cipher_list, try this > ># SSL ciphers to use >ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL > > >or search list archive and www for other better solutions and general >dovecot ssl configs
I have: ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL and Outlook 2013 works fine. -- Jerry
pgpb02iYTJkPM.pgp
Description: OpenPGP digital signature
