[Ach] 9.2.1 Dovecot, some additions, questions
Pepi Zawodsky
pepi.zawodsky at maclemon.at
Tue Nov 19 22:40:52 CET 2013
On 19.11.2013, at 22:37, L. Aaron Kaplan <kaplan at cert.at> wrote:
>> ssl_parameters_regenerate = 168 # Value in hours, aka 168h ≈ 1w
>> Does 24h sound reasonable? More or less?
> For a typical server yes, for an embedded device no.
Dovecot on embedded systems is a thing? But ok, my Mac mini doesn't necessarily qualify as “server” for many others as well. :-)
So 8h as proposal on common server hardware.
>> disable_plaintext_auth=yes
> Is that plaintext within a TLS/SSL tunnel?
Yes, exactly!
allows plaintext authentication only when SSL/TLS is used first
Best regards
Pepi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131119/0150d934/attachment.sig>
More information about the Ach
mailing list