Skip to content

Instantly share code, notes, and snippets.

@keithws
Last active November 10, 2023 13:50
Show Gist options
  • Save keithws/d073c6f825e02fc823a7c32d406acada to your computer and use it in GitHub Desktop.
Save keithws/d073c6f825e02fc823a7c32d406acada to your computer and use it in GitHub Desktop.
Secure Dovecot SSL settings by following Mozilla's Security/Server Side TLS guidelines
##
## Dovecot SSL settings with Intermediate compatibility
## Follows Mozilla's Security/Server Side TLS guidelines
## https://wiki.mozilla.org/Security/Server_Side_TLS
##
##
## Optionial:
## Disable 3DES ciphersuites to prevent CVE-2016-2183
## by appending ":!3DES" to the ssl_cipher_list
## Disable TLSv1 for PCI compliance as of June 30, 2018
## by appending " !TLSv1" to the ssl_protocols for versions < 2.3
## by changing ssl_min_protocol to "TLSv1.1" for versions >= 2.3
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required
# ciphersuites
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
# versions
# for dovecot < 2.3
#ssl_protocols = !SSLv3 !SSLv2
# for dovecot >= 2.3
ssl_min_protocol = TLSv1
# DH parameter size
# for dovecot < 2.3
#ssl_dh_parameters_length = 2048
# for dovecot >= 2.3
ssl_dh = <ffdhe2048.pem
# Get ffdhe2048.pem from https://wiki.mozilla.org/Security/Server_Side_TLS#Pre-defined_DHE_groups
# Prefer the server's order of ciphers over client's.
ssl_prefer_server_ciphers = yes
# SSL extra options. Currently supported options are:
# no_compression - Disable compression.
# no_ticket - Disable SSL session tickets.
ssl_options = no_compression no_ticket
##
## Dovecot SSL settings with Modern compatibility
## Follows Mozilla's Security/Server Side TLS guidelines
## https://wiki.mozilla.org/Security/Server_Side_TLS
##
## Oldest compatible client
## iOS 10, gmail App ?, macOS Sierra 10.12, Outlook 2013 on Windows 8.1
## Samsung Mail ?, Andorid 5, Java 8
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required
# ciphersuites
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
# versions
# for dovecot < 2.3
#ssl_protocols = TLSv1.2
# for dovecot >= 2.3
ssl_min_protocol = TLSv1.2
# DH parameter size
# not technically needed since no DHE cipher suites are enabled
# but dovecot >= 2.3 will throw a warning when ssl_dh is not set
ssl_dh = <ffdhe2048.pem
# Get ffdhe2048.pem from https://wiki.mozilla.org/Security/Server_Side_TLS#Pre-defined_DHE_groups
# Prefer the server's order of ciphers over client's.
ssl_prefer_server_ciphers = yes
# SSL extra options. Currently supported options are:
# no_compression - Disable compression.
# no_ticket - Disable SSL session tickets.
ssl_options = no_compression no_ticket
##
## Dovecot SSL settings with Old backward compatibility
## Follows Mozilla's Security/Server Side TLS guidelines
## https://wiki.mozilla.org/Security/Server_Side_TLS
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required
# ciphersuites
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP
# versions
# for dovecot < 2.3
#ssl_protocols = !SSLv2
# for dovecot >= 2.3
ssl_min_protocol = SSLv3
# DH parameter size
# When dovecot < 2.3 starts up for the first time, it generates new 512bit and 1024bit Diffie Hellman parameters and saves them
#ssl_dh_parameters_length = 1024
# for dovecot >= 2.3
ssl_dh = <dh.pem
# generate dh.pem with openssl dhparam -C 1024 > dh.pem
# Prefer the server's order of ciphers over client's.
ssl_prefer_server_ciphers = yes
# SSL extra options. Currently supported options are:
# no_compression - Disable compression.
# no_ticket - Disable SSL session tickets.
ssl_options = no_compression no_ticket
@keithws
Copy link
Author

keithws commented Sep 6, 2018

Note, Dovecot 2.3 has improved defaults. Notably, SSLv2 is no longer possible and SSLv3 is disabled by default. Additionally, DH params are no longer generated and must be provided.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment