[Ach] Feedback to applied-crypto-hardening.pdf - Mail Servers - Dovecot+Postfix

Sebastian sebix at sebix.at
Fri Dec 22 14:06:55 CET 2017


Hi,

Please consider writing one email with feedback on multiple sections,
thanks.

On 12/22/2017 01:43 PM, Torge Riedel wrote:
> The guide is working for me,
Will be added too.
> I am using the following settings with success from Thomas' guide:
>
> smtp_tls_security_level = dane
> smtp_dns_support_level = dnssec
Yes, we are missing DNSSEC and DANE in the guide currently. See for
example: https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/69

On 12/22/2017 01:50 PM, Torge Riedel wrote:
> The guide is working for me.
Thanks
> But I'm not sure whether it should be
>
> ssl=1
The docs do not mention it at all:
https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html
Is it necessary?
Here is an indicator it might be necessary:
https://www.thomas-krenn.com/de/wiki/MySQL_Verbindungen_mit_SSL_verschl%C3%BCsseln
> And - this is maybe out-of-scope - if you want to use Let's Encrypt
> certs for MySQL, do the following:
The usage of letsencrypt, and other approaches, is out of scope, yes.
The guide is CA-agnostic.

Sebastian

-- 
python programming - mail server - photo - video - https://sebix.at
cryptographic key at https://sebix.at/DC9B463B.asc and on public keyservers

