Displaying 12 results from an estimated 12 matches for "rfc8314".
Did you mean:
rfc4314
2020 May 29
3
identify 143 vs 993 clients
...the STARTSSL capability from the server
> response.
And doing that it can as easily inject a LOGIN capability, making non-broken client also send the password in plain text. (Only broken client will send password if LOGIN is not present).
That?s why this RFC exists: https://tools.ietf.org/html/rfc8314 <https://tools.ietf.org/html/rfc8314>
> In a setting where you want to protect the clients from accidentally
> exposing secrets by misconfiguration, allowing only 993/995 (and 465 for
> SMTP; 25/587 have the same problem) is the safe way.
Port 25 is a special case and should never...
2018 Nov 14
2
different TLS protocols on different ports
...port = 993
ssl_protocols = TLSv1.2 TLSv1.3
ssl_cipher_list = ...
}
}
Postfix let me easily define different TLS protocols on different ports.
For that it would be cool if dovecot could assist on such migrations, too.
Andreas
*) see https://tools.ietf.org/html/rfc8314
as well as the draft https://tools.ietf.org/html/draft-lvelvindron-tls-for-email-02 to deprecate TLSv1.1
2020 May 26
5
identify 143 vs 993 clients
Hi,
On 25/05/2020 23:04, Voytek wrote:
> jumping here with a question, if I use 143 with STARTTLS, and, force
> TLS/SSL in configuration, that's equivalent from security POV, isn't
> it? and, same for 110 STARTTLS? Or am I missing something?
Interesting point, after some googling, I think you are right, and as
long as we have set "disable_plaintext_auth = yes" (and we
2020 Nov 10
10
Recommended Protocols?
Hello all:
For several years I have been running the following in a Linux server.
Dovecot Version: 2.0.9
*IMAP:*
Connection Security: SSL/TLS
Port: 993
Authentication Method: Normal Password
*SMTP:*
Connection Security: STARTTLS
Port: 587
Authentication Method: Normal Password
The E-mail client is Thunderbird on Windows.
I am preparing a new server, with Dovecot 2.2.36 and would like to know
2018 Nov 14
0
different TLS protocols on different ports
...ssl_cipher_list = ...
>
> }
> }
>
>
> Postfix let me easily define different TLS protocols on different ports.
> For that it would be cool if dovecot could assist on such migrations, too.
>
> Andreas
>
> *) see https://tools.ietf.org/html/rfc8314
> as well as the draft https://tools.ietf.org/html/draft-lvelvindron-tls-for-email-02 to deprecate TLSv1.1
2020 Apr 14
0
got a listener on 993
Am 13.04.20 um 20:52 schrieb David Mehler:
> Hello,
>
> Before I get in to my question is ssl on 993 or starttls on 143 better
> from a security perspective?
implicit TLS is recommended: https://tools.ietf.org/html/rfc8314#section-3
Andreas
2020 Apr 14
1
got a listener on 993
...ulze.de> a ?crit :
>
>
>
> Am 13.04.20 um 20:52 schrieb David Mehler:
>> Hello,
>>
>> Before I get in to my question is ssl on 993 or starttls on 143 better
>> from a security perspective?
>
> implicit TLS is recommended: https://tools.ietf.org/html/rfc8314#section-3
One rational for this is to make sure broken clients don?t send clear text credential on port 143, even if STARTTLS is required.
So from a security perspective, you can consider TLS on port 943 a better solution.
2020 May 29
0
identify 143 vs 993 clients
...ver
>> response.
>
> And doing that it can as easily inject a LOGIN capability, making
> non-broken client also send the password in plain text. (Only broken
> client will send password if LOGIN is not present).
>
> That?s why this RFC exists: https://tools.ietf.org/html/rfc8314
>
>> In a setting where you want to protect the clients from accidentally
>> exposing secrets by misconfiguration, allowing only 993/995 (and 465 for
>> SMTP; 25/587 have the same problem) is the safe way.
>
> Port 25 is a special case and should never be used by client...
2020 Nov 10
0
Recommended Protocols?
...ould I stick to what I have? I would prefer to start with the easiest configuration possible, which I will revise later.
>
> This is the command that I have been using to verify the server's functionality:
RFC 8314 suggest to prefer implicit TLS over STARTTLS
https://tools.ietf.org/html/rfc8314#section-3
modern clients work mostly fine with that recommendation, too.
Andreas
2018 Nov 14
3
different TLS protocols on different ports
Hello,
I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So I've to enable TLS1.0 up to TLS1.3
For IMAPS / port 993 I like to enable TLS1.2 and TLS1.3 only.
Is this possible with dovecot-2.2.36 / how to setup this?
Thanks for suggestions,
Andreas
2020 Apr 13
5
got a listener on 993
Hello,
Before I get in to my question is ssl on 993 or starttls on 143 better
from a security perspective?
I've noticed that I've got a dovecot listener on port 993, below is my
doveconf -n output I don't have an imaps listener uncommented should I
do so and set it's port to 0? Will that disable the 993 listener?
Thanks.
Dave.
# 2.3.10 (0da0eff44):
2019 Jul 27
2
submission configuration issues
> Le 27 juil. 2019 ? 14:30, Stephan Bosch <stephan at rename-it.nl> a ?crit :
>
> On 23/07/2019 17:13, Jean-Daniel Dupas via dovecot wrote:
>> Hello,
>>
>> I'm having trouble configuring the submission proxy.
>>
>> I have configured the submission service as follow:
>>
>> submission_host = smtp.example.com
>>