So this may be an issue of the tlsserverciphers file. Some times
it's interesting not knowing what your doing! haha
I guess the question I have is.. What is the proper
tlsserverciphers for a qmailtoaster with a letsencrypt
certificate. If that even makes sense.
And what is the proper way to actually do it. I've read multiple
things on various forums, including here.
One says to do: echo "!EDH:!DHE:!RC4:!ADH:!DSS:HIGH:+AES128:+AES256-SHA256:+AES128-SHA256:+SHA:!3DES:!NULL:!aNULL:!eNULL" > /var/qmail/control/tlsserverciphers
One says to do: openssl ciphers 'MEDIUM:HIGH:!SSLv2:!MD5:!RC4:!3DES' > /var/qmail/control/tlsserverciphers
yet another says to create a sym link to the servercert.pem file.
ln -sf /var/qmail/control/servercert.pem /var/qmail/control/tlsserverciphers
I guess it has to do with how tight you want security to be and
maybe tlsserverciphers can contain various forms of how to define
that. Just looking for what "most" people would use for an up to
date Centos 7 server.
Thanks, Gary
On 9/3/2019 11:04 AM, Gary Bowling
wrote:
--------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com |
- [qmailtoaster] SSL Problem Dovecot Gary Bowling
- Re: [qmailtoaster] SSL Problem D... Gary Bowling
- RE: [qmailtoaster] SSL Probl... CarlC Internet Services Service Desk
- Re: [qmailtoaster] SSL P... Gary Bowling
- RE: [qmailtoaster] S... CarlC Internet Services Service Desk
- Re: [qmailtoast... Andrew Swartz
- Re: [qmailt... Gary Bowling
- Re: [qm... Andrew Swartz
- Re: [qm... Andrew Swartz
- Re: [qm... Gary Bowling
- RE: [qm... CarlC Internet Services Service Desk
- Re: [qm... Gary Bowling