[Ach] New SSL config with Entourage email client

Dan Benton dan at dogsbodytechnology.com
Wed Nov 26 19:10:11 CET 2014

Hi All,

We after the initial rush to disable SSLv3 we've been slowly checking 
the cipher list on our servers and services and switched the last one to 
the bettercrypto.org recommendation which has worked great until now :-p

We obviously left the trickiest for last as we now have one customer 
that can't access their email.  This customer is using the Entourage 
email client on MacOS.

Server - Scientific Linux (RedHat) 6.6 & Dovecot 2.2.15
Client - MacOS 10.6.8 && Entourage v12.3.6

We have gone through their local settings and can't see anything wrong 
with their client and the maillog is just giving us...

dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, 
rip=######, lip=######, TLS handshaking, session=<######/>

This stopped working the exact time we changed the ciphers so this looks 
like a cipher issue to me where the client has no ciphers in common with 
the server.

Anyone know what ciphers Entourage uses and/or what I need to add to the 
dovecot config to make it work again? :-/

I'd rather not go back to the default!
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

Thank you in advance


More information about the Ach mailing list