Am 09.05.2014 08:29, schrieb Sebastian Goodrick: >>> my speculate was, it leaves too less ciphers left > OK, but does the old dovecot/openssl version provide less ciphers than > the new install?
sorry i am short in time dovecot hast setup options for ciphers related to your openssl version please read http://www.michaelboman.org/books/sslscan http://www.unixwitch.de/de/sysadmin/tools/imap-mit-ssl-testen https://sys4.de/de/blog/2013/08/15/dovecot-tls-perfect-forward-secrecy/ http://wiki2.dovecot.org/SSL/DovecotConfiguration http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html I'm not too familiar with what ciphers ship with > OpenSSL in what version. type openssl ciphers to see ciphers on your server with your openssl version and openssl s_client -connect imap.example.com:143 -starttls imap for general testing My naive assumption is, a new version ships > with more ciphers, hence this shouldn't be an issue. (Unless there is > a new bug in a cipher.) there must be matching ciphers > >> Computer Configuration\Windows Settings\Security Settings\Local >> Policies\Security Options > I just learned, there is a tool called gpedit.msc on win8 :) > "Use FIPS compliant algorithms for encryption, hashing, and signing" > is disabled on my machine. From what I understand this indicates, that > it can use more/all available ciphers. > >> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows >> NT\CurrentVersion\SecEdit\Reg > Values\MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy/Enabled > I can find this key (it is set to DisplayType=0 and ValueType=4) but I > don't understand what I can change there and what this setting > indicates. Needless to say that my windows administration knowledge is > limited. as written i will test it, but it will take time > > Regards, > Sebastian > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
