KNOWNHOST WIKI

control-panels:directadmin:how-to-change-the-dovecot-ssl-protocols

Differences

This shows you the differences between two versions of the page.

control-panels:directadmin:how-to-change-the-dovecot-ssl-protocols [2020/03/05 09:53]
Derrick B.
control-panels:directadmin:how-to-change-the-dovecot-ssl-protocols [2020/06/01 14:47] (current)
Karson N.
Line 2: Line 2:
  
 <WRAP info round 90%> <WRAP info round 90%>
 +((https://forum.directadmin.com/threads/custombuild-ssl_configuration-intermediate-setting-will-now-also-drop-tls-1-1-and-older-for-exim-and-dovecot.60422/#post-309499))
 [[https://forum.directadmin.com/threads/custombuild-ssl_configuration-intermediate-setting-will-now-also-drop-tls-1-1-and-older-for-exim-and-dovecot.60422/#post-309499|DirectAdmin has dropped support for TLS 1.1 for Exim and Dovecot by default]]. [[https://forum.directadmin.com/threads/custombuild-ssl_configuration-intermediate-setting-will-now-also-drop-tls-1-1-and-older-for-exim-and-dovecot.60422/#post-309499|DirectAdmin has dropped support for TLS 1.1 for Exim and Dovecot by default]].
 </WRAP> </WRAP>
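Review bot: The footnote added as the first line inside the WRAP box contains only the forum URL that the linked sentence on the very next line already points to, and it is placed before that sentence, so the footnote marker renders ahead of the text it is meant to support. Either drop the footnote, or move it to the end of the sentence and give it content the inline link does not already provide.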
Line 12: Line 13:
  
 <code> <code>
-cd /usr/local/directadmin/custombuild +  cd /usr/local/directadmin/custombuild 
-mkdir -p custom/dovecot/conf +  mkdir -p custom/dovecot/conf 
-cp configure/dovecot/conf/ssl.conf custom/dovecot/conf/ssl.conf+  cp configure/dovecot/conf/ssl.conf custom/dovecot/conf/ssl.conf
 </code> </code>
  
 Now change your ciphers and/or protocols as desired using a file editor such as nano or vim. For example, if a PCI Compliance vendor requires TLSv1.2, then change the ssl_min_protocol line in the ssl.conf file to look like this: Now change your ciphers and/or protocols as desired using a file editor such as nano or vim. For example, if a PCI Compliance vendor requires TLSv1.2, then change the ssl_min_protocol line in the ssl.conf file to look like this:
 +<code>
   ssl_min_protocol = TLSv1.2   ssl_min_protocol = TLSv1.2
 +</code>
  
 And run this to rewrite the configuration and restart Dovecot: And run this to rewrite the configuration and restart Dovecot:
 +<code>
   ./build dovecot_conf   ./build dovecot_conf
 +</code>
  
 Now, to test the available protocols and ciphers, you can use nmap as the root user from within the server like so: Now, to test the available protocols and ciphers, you can use nmap as the root user from within the server like so:
 +<code>
   nmap localhost -p 993 --script ssl-enum-ciphers   nmap localhost -p 993 --script ssl-enum-ciphers
 +</code>
  
-To note, you could run this from outside the server as well by replacing //localhost// with the server hostname/IP, or a domain that resolves to the server. +To note, you could run this from outside the server as well by replacing //localhost// with the server hostname/IP, or a domain that resolves to the server.
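Review bot: The three commands in the first block (cd, mkdir -p, cp) gain a two-space indent while remaining inside the code tags, and the new code tags around ssl_min_protocol = TLSv1.2, ./build dovecot_conf and the nmap line are wrapped around lines that keep their existing two-space indent. Inside code tags the leading spaces are shown literally, so every command now renders indented and the page mixes two preformatting mechanisms; keep the code tags and strip the leading spaces. Since this section is being touched anyway, the verification step could also state that the nmap run on port 993 checks the IMAPS listener only, so a reader with other Dovecot ports exposed knows to repeat the check for each of them after changing ssl_min_protocol.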
control-panels/directadmin/how-to-change-the-dovecot-ssl-protocols.txt · Last modified: 2020/06/01 14:47 by Karson N.