Configuration File

   /etc/dovecot.conf

shortform

ssl_disable = no
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = kDH:AES

Protocols

    ssl_protocols = !SSLv2 !SSLv3

TLSv1

Protocol - Alternative Values
ssl_protocols = !SSLv2
Allow SSLv3 or better

Ciphers

    ssl_cipher_list = kDH:AES

Provides best cipher selection for RHEL5

Ciphers - Alternative Values
ssl_cipher_list = kDH:AES:RC4-SHA
Add RC4-SHA for old client compatibility

Certificate Handling

dovecot uses a key file and certificates file.

Key File

ssl_key = </etc/pki/dovecot/private/dovecot.pem

key should be readable only by root

Certificate File

ssl_cert = </etc/pki/dovecot/certs/dovecot.pem

Should contain the server certificate followed by any intermediate certificates and then the root certificate.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

Securing dovecot with SSL/TLS on RHEL5

Configuration File

shortform

Protocols

Protocol - Alternative Values

Ciphers

Ciphers - Alternative Values

Certificate Handling

Key File

Certificate File