> On November 14, 2018 at 12:46 PM "A. Schulze" <s...@andreasschulze.de> wrote: < > I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more > modern protocols/ciphers. > IMAPS/SUBMISSIONS aren't used widely (at least to my knowlege, many > postmaster used to configure IMAP+SUBMISSION and STARTTLS)
"IMAPS" has been used forever. Every installation I can think of supports 993. Same with submission. 465/587 has been a standard port for awhile now. In fact, these are the only ports someone like a Google will allow you to connect to. https://support.google.com/mail/answer/7126229?hl=en > Switching Clients to complete new ports is a chance to separate and dry out > legacy MUA's There is no switch to do. These ports are well-known and well used. > I just tried this but that's no valid syntax tough: > > service imap-login { > inet_listener imap { > port = 143 > # using default protocols and ciphers... > } > inet_listener imaps { > port = 993 > ssl_protocols = TLSv1.2 TLSv1.3 > ssl_cipher_list = ... > > } > } > > > Postfix let me easily define different TLS protocols on different ports. > For that it would be cool if dovecot could assist on such migrations, too. > > Andreas > > *) see https://tools.ietf.org/html/rfc8314 > as well as the draft > https://tools.ietf.org/html/draft-lvelvindron-tls-for-email-02 to deprecate > TLSv1.1