Re: TLS problem after upgrading from v2.2 to v2.3

2018-01-07 Thread Aki Tuomi
On 08.01.2018 09:41, Joseph Tam wrote: > Jan Vejvalka writes: > >>> Mine are below and they work just fine: >>> >>> ssl_cipher_list = >>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-G

Re: TLS problem after upgrading from v2.2 to v2.3

2018-01-07 Thread Joseph Tam
Jan Vejvalka writes: Mine are below and they work just fine: ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA

Re: TLS problem after upgrading from v2.2 to v2.3

2018-01-06 Thread Jan Vejvalka
Hi Goetz, thanks, I tried your list - and I quickly ran back, as I noticed that this time I disconnected a user who is much less cooperative :-) Jan On 06.01.2018 20:47, Goetz Schultz wrote: Hi Jan, fair enough. You may want to try mine to see if it works - if yes, it might be worthwhile d

Re: TLS problem after upgrading from v2.2 to v2.3

2018-01-06 Thread Goetz Schultz
Hi Jan, fair enough. You may want to try mine to see if it works - if yes, it might be worthwhile digging deeper. Tbh I had not default settings on for a long time. Thanks and regards Goetz R. Schultz On 06/01/18 18:30, Jan Vejvalka wrote: > Thanks for your reply; I used the defaults, both b

TLS problem after upgrading from v2.2 to v2.3

2018-01-06 Thread Jan Vejvalka
Thanks for your reply; I used the defaults, both before and after the upgrade, cf. https://wiki2.dovecot.org/Upgrading/2.3 -> Setting default changes. The new defaults broke the connection. Jan what are your settings? Mine are below and they work just fine: ssl_cipher_list = ECDHE-RSA-AES1

Re: TLS problem after upgrading from v2.2 to v2.3

2018-01-05 Thread Goetz Schultz
Hi, what are your settings? Mine are below and they work just fine: ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-

TLS problem after upgrading from v2.2 to v2.3

2018-01-05 Thread Jan Vejvalka
Hi *, The change in default SSL settings between 2.2 and 2.3 cut off a few clients; Microsoft-hosted Exchange (?) being one of them: Jan 4 11:02:56 kremail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=40.101.4.hisip, lip=myip, TLS handshaking: SSL_accept() fail