[Ach] Feedback to applied-crypto-hardening.pdf - Mail Servers - Dovecot+Postfix

Torge Riedel torgeriedel at gmx.de
Sat Dec 23 12:32:03 CET 2017

Am 22.12.2017 um 14:06 schrieb Sebastian:
>> But I'm not sure whether it should be
>> ssl=1
> The docs do not mention it at all:
> https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html
> Is it necessary?
> Here is an indicator it might be necessary:
> https://www.thomas-krenn.com/de/wiki/MySQL_Verbindungen_mit_SSL_verschl%C3%BCsseln

Well, the MySQL docs say that option 'ssl' is enabled by default. Since my own server installation docs have a long history, it might be possible that 'ssl' was not enabled by default in earlier versions of MySQL.

IMHO it is better to set this option on your own to offer encrypted connections, instead of relying on default values.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20171223/b50f987d/attachment.html>

More information about the Ach mailing list