According to https://cipherli.st/
ssl = yes
ssl_cert = </etc/dovecot.cert
ssl_key = </etc/dovecot.key
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = AES128+EECDH:AES128+EDH
ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6
Is what you want.
Ok, so I have changed my ssl_cipher_list to:
ssl_cipher_list = AES128+EECDH:AES128+EDH
Before I made this change clients were connecting with the following
cipher in the log file:
ECDHE-ECDSA-AES256-SHA (256/256 bits)
After the change the log now says:
ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
Is this an improvement (or more secure) despite going from 256bits to
128bits?
Thanks!
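
One way to read the two log entries quoted above, as an added example that is not part of the thread: the script splits each OpenSSL cipher name into its parts and reports forward secrecy, AEAD mode and MAC alongside the logged bit count. The log prefixes in SAMPLE_LOG are constructed; only the "NAME (bits/bits bits)" fragment follows the thread, and the "legacy" flag is this example's own label.

```python
import re

# Fragment as quoted in the thread: "<OpenSSL cipher name> (<secret>/<alg> bits)".
# Covers TLS 1.2-style hyphenated names only, not TLS 1.3 "TLS_..." names.
CIPHER_RE = re.compile(r"\b([A-Z0-9]+(?:-[A-Z0-9]+)+) \((\d+)/(\d+) bits\)")

EPHEMERAL_KX = {"ECDHE", "DHE", "EDH"}            # ephemeral key exchange
AEAD_MARKERS = {"GCM", "CCM", "CCM8", "POLY1305"}  # authenticated encryption


def describe(name):
    """Split an OpenSSL cipher name into the properties that matter for review."""
    parts = name.split("-")
    aead = any(p in AEAD_MARKERS for p in parts)
    if aead:
        mac = "AEAD"          # integrity comes from the mode; trailing hash is the PRF
    elif parts[-1] == "SHA":
        mac = "HMAC-SHA1"     # bare "SHA" in OpenSSL names means SHA-1
    else:
        mac = "HMAC-" + parts[-1]
    return {"name": name, "forward_secret": parts[0] in EPHEMERAL_KX,
            "aead": aead, "mac": mac}


def audit(log_lines):
    """Return one finding per line that carries a cipher fragment."""
    findings = []
    for line in log_lines:
        m = CIPHER_RE.search(line)
        if not m:
            continue
        info = describe(m.group(1))
        info["secret_bits"] = int(m.group(2))
        # Hypothetical label: anything lacking forward secrecy or AEAD.
        info["legacy"] = not (info["forward_secret"] and info["aead"])
        findings.append(info)
    return findings


# Constructed sample lines; the prefix text is hypothetical.
SAMPLE_LOG = [
    "login user=alice cipher ECDHE-ECDSA-AES256-SHA (256/256 bits)",
    "login user=alice cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)",
    "login user=bob cipher AES256-SHA (256/256 bits)",
    "login user=carol no TLS",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f)
```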