Securing dovecot with SSL/TLS on RHEL5
Securing dovecot (dovecot-2.2.10-4.el7_0.1) that uses openssl
This article is part of the Securing Applications Collection
Configuration File
/etc/dovecot.conf
Short form
ssl_disable = no
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = kDH:AES
Protocols
ssl_protocols = !SSLv2 !SSLv3
Leaves only TLSv1 enabled.
Protocol - Alternative Values
ssl_protocols = !SSLv2
Allows SSLv3 or better (only SSLv2 is disabled).
Ciphers
ssl_cipher_list = kDH:AES
Provides the best cipher selection available on RHEL5.
Ciphers - Alternative Values
ssl_cipher_list = kDH:AES:RC4-SHA
Adds RC4-SHA for compatibility with old clients.
Certificate Handling
dovecot uses a key file and a certificate file.
Key File
ssl_key = </etc/pki/dovecot/private/dovecot.pem
The key file should be readable only by root.
Certificate File
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
Should contain the server certificate, followed by any intermediate certificates, and then the root certificate.
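As an added illustration of the checks from the Protocols, Ciphers and Key File sections (example code written for this article, not part of dovecot or the original page): a small audit that parses dovecot-style "key = value" settings, flags SSLv2 or SSLv3 not being disabled and RC4 being present in the cipher list, and checks the private key's file mode. The configuration text in it is constructed, and make_sample_key writes a placeholder file rather than a real key.

```python
import os
import tempfile

# Constructed sample: the article's recommended short form (not a real host's file).
GOOD_CONF = """\
ssl_disable = no
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = kDH:AES
"""

def parse_conf(text):
    """'key = value' lines to a dict; '#' starts a comment, and a leading '<'
    on the value (dovecot 2.x style 'ssl_key = </path') is stripped."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value.lstrip("<").strip()
    return settings

def audit_ssl_settings(text):
    """Report deviations from the article's protocol and cipher settings."""
    s = parse_conf(text)
    findings = []
    if s.get("ssl_disable", "no") != "no":
        findings.append("ssl_disable is not 'no': TLS is switched off")
    protocols = s.get("ssl_protocols", "").split()
    for legacy in ("SSLv2", "SSLv3"):
        if "!" + legacy not in protocols:
            findings.append(legacy + " is not disabled in ssl_protocols")
    for cipher in s.get("ssl_cipher_list", "").split(":"):
        if "RC4" in cipher.upper():
            findings.append(cipher + " enabled: compatibility-only cipher")
    return findings

def audit_key_file(path):
    """The private key must not be readable by group or others (mode 0600)."""
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        return ["%s has mode %04o, expected 0600" % (path, mode)]
    return []

def make_sample_key(mode):  # constructed placeholder key file, for testing only
    fd, path = tempfile.mkstemp(suffix=".pem")
    os.write(fd, b"-- constructed placeholder, not a real key --\n")
    os.close(fd)
    os.chmod(path, mode)
    return path
```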