On 29.06.2013 21:54, Ireneusz Szcześniak wrote:
> Reindl, thanks again for your email, but now I realize that perhaps you
> misunderstood my problem. I have got the SSL working with the config
> presented in my first post. The problem is that I'm surprised that Dovecot
> lets clients establish an SSL connection even when the client doesn't
> present a certificate. I don't want clients without a valid certificate to
> even establish an SSL connection.

What the hell - you can reject them after not presenting a cert, but how do you imagine technically smelling this fact before they connect?

> On 28.06.2013 23:34, Reindl Harald wrote:
>
>> On 28.06.2013 23:31, Ireneusz Szcześniak wrote:
>>> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It
>>> works great. Dovecot serves IMAPS only, and I'm using Thunderbird to
>>> access my mail.
>>>
>>> I configured Dovecot to allow clients that present a valid certificate
>>> when establishing an SSL connection. I configured my Thunderbird for an
>>> SSL/TLS connection with a normal password. It works fine.
>>>
>>> However, with my config anybody can connect to my server without
>>> presenting a certificate
>>
>> google "dovecot ssl client certificate" leads to
>> http://wiki.dovecot.org/SSL/DovecotConfiguration
>>
>> well, this is for dovecot 1.x, but have you tried it?
>>
>> Client certificate verification/authentication
>> If you want to require clients to present a valid SSL certificate, you'll
>> need these settings