guam tls settings

David Obando david at cryptix.net
Thu Oct 17 14:24:09 CEST 2019


Hi,

unfortunately not.

I hardenen cyrus:

Oct 17 14:20:19 mail02 imaps[13990]: inittls: Loading hard-coded DH
parameters
Oct 17 14:20:19 mail02 imaps[13990]: starttls: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits reused) no authentication


but my server still offers TLSv1 and v1.1 plus weak ciphers.


Best regards,

David


Am 16.10.19 um 23:27 schrieb Milan Petrovic:
> As far as my understanding is, guam is just a proxy for cyrus, so, any
> details you define in your imapd.conf. Guam as a proxy should just be
> able to pass through the connection.
>
> It's just my understanding, maybe I'm wrong.
>
> On Wed, Oct 16, 2019 at 4:54 PM David Obando <david at cryptix.net
> <mailto:david at cryptix.net>> wrote:
>
>     Hi all,
>
>     I'm new to the list and about to setup a new kolab system.
>
>     As I'm about to harden all services I got stuck with tweaking
>     guams tls
>     settings.
>
>     Is there a way to at least define TLS protocol version and TLS
>     ciphers?
>
>
>     Thanks and best regards,
>
>     David
>
>
>
>     -- 
>     encrypt!
>     gpg --keyserver pgp.mit.edu <http://pgp.mit.edu> --recv-keys 6A25B6A3
>     Schl.-Fingerabdruck = 15FF 16DC 494C EABD 6DF8  B388 4EB8 056C
>     6A25 B6A3
>     _______________________________________________
>     users mailing list
>     users at lists.kolab.org <mailto:users at lists.kolab.org>
>     https://lists.kolab.org/mailman/listinfo/users
>
>
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users

-- 
encrypt!
gpg --keyserver pgp.mit.edu --recv-keys 6A25B6A3
Schl.-Fingerabdruck = 15FF 16DC 494C EABD 6DF8  B388 4EB8 056C 6A25 B6A3

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20191017/713c9fc0/attachment.html>


More information about the users mailing list