guam tls settings

David Obando david at cryptix.net
Fri Oct 18 16:58:21 CEST 2019 

Hi,

I use the current stable 16.1 and didn't setup DKIM yet (but I want to).

Did you check which TLS and ciphers your system offers to the world?
With "nmap --script ssl-enum-ciphers servername" you'll get an overview.


Best regards,

d.


Am 18.10.19 um 16:43 schrieb Milan Petrovic:
> My logs are the same, but I didn't find it odd. Maybe I should :)
>
> On an unrelated note: what version of Kolab do you have and have you
> been setting DKIM?
>
> On Thu, Oct 17, 2019 at 2:24 PM David Obando <david at cryptix.net
> <mailto:david at cryptix.net>> wrote:
>
>     Hi,
>
>     unfortunately not.
>
>     I hardenen cyrus:
>
>     Oct 17 14:20:19 mail02 imaps[13990]: inittls: Loading hard-coded
>     DH parameters
>     Oct 17 14:20:19 mail02 imaps[13990]: starttls: TLSv1.2 with cipher
>     ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits reused) no authentication
>
>
>     but my server still offers TLSv1 and v1.1 plus weak ciphers.
>
>
>     Best regards,
>
>     David
>
>
>     Am 16.10.19 um 23:27 schrieb Milan Petrovic:
>>     As far as my understanding is, guam is just a proxy for cyrus,
>>     so, any details you define in your imapd.conf. Guam as a proxy
>>     should just be able to pass through the connection.
>>
>>     It's just my understanding, maybe I'm wrong.
>>
>>     On Wed, Oct 16, 2019 at 4:54 PM David Obando <david at cryptix.net
>>     <mailto:david at cryptix.net>> wrote:
>>
>>         Hi all,
>>
>>         I'm new to the list and about to setup a new kolab system.
>>
>>         As I'm about to harden all services I got stuck with tweaking
>>         guams tls
>>         settings.
>>
>>         Is there a way to at least define TLS protocol version and
>>         TLS ciphers?
>>
>>
>>         Thanks and best regards,
>>
>>         David
>>
>>
>>
>>         -- 
>>         encrypt!
>>         gpg --keyserver pgp.mit.edu <http://pgp.mit.edu> --recv-keys
>>         6A25B6A3
>>         Schl.-Fingerabdruck = 15FF 16DC 494C EABD 6DF8  B388 4EB8
>>         056C 6A25 B6A3
>>         _______________________________________________
>>         users mailing list
>>         users at lists.kolab.org <mailto:users at lists.kolab.org>
>>         https://lists.kolab.org/mailman/listinfo/users
>>
>>
>>     _______________________________________________
>>     users mailing list
>>     users at lists.kolab.org <mailto:users at lists.kolab.org>
>>     https://lists.kolab.org/mailman/listinfo/users
>
>     -- 
>     encrypt!
>     gpg --keyserver pgp.mit.edu <http://pgp.mit.edu> --recv-keys 6A25B6A3
>     Schl.-Fingerabdruck = 15FF 16DC 494C EABD 6DF8  B388 4EB8 056C 6A25 B6A3
>
>     _______________________________________________
>     users mailing list
>     users at lists.kolab.org <mailto:users at lists.kolab.org>
>     https://lists.kolab.org/mailman/listinfo/users
>
-- 
encrypt!
gpg --keyserver pgp.mit.edu --recv-keys 6A25B6A3
Schl.-Fingerabdruck = 15FF 16DC 494C EABD 6DF8  B388 4EB8 056C 6A25 B6A3

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20191018/dba0b704/attachment-0001.html>

More information about the users mailing list