I would like to configure an email CentOS 7-based server to use TLS 1.3. Currently it uses TLS 1.2 for securing the SMTP and POP3 sessions. For SMTP I use Postfix software and for POP3 I use Dovecot software. I am interested in using only TLS 1.3 in the email sessions. Is that possible with Dovecot 2.3.4 and Postfix 3.3.2? I searched on the Dovecot and Postfix wikis and I didn't find any information related to TLS 1.3.
This very likely depends on the TLS library linked to it. – forest Dec 10 '18 at 11:09
1 Answer
- Postfix and Dovecot rely on OpenSSL. TLS 1.3 is supported since OpenSSL 1.1.1, which is not the OpenSSL that comes with CentOS 7. This means you would need to compile your own version of OpenSSL and compile all the tools which should use it against it.
- Postfix 3.3.2 supports TLS 1.3 - see http://www.postfix.org/announcements/postfix-3.3.2.html
- There is no specific mention of OpenSSL 1.1.1 in the Dovecot Changelog but this indicates that one should be able to compile Dovecot with OpenSSL 1.1.1, so TLS 1.3 should be doable there too.
Steffen Ullrich
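The following Python script is an added example, not part of the answer above or of the Postfix or Dovecot projects: it checks an `openssl version` banner against the 1.1.1 threshold the answer names, and reports which TLS version a server negotiates after SMTP STARTTLS or POP3 STLS when the client offers only TLS 1.3. The function names, the host name and the sample banners are assumptions made for illustration.

```python
import poplib
import re
import smtplib
import ssl

MIN_OPENSSL = (1, 1, 1)  # first OpenSSL release with TLS 1.3, as the answer states


def openssl_supports_tls13(banner):
    """True/False for an `openssl version` banner; None if it is not OpenSSL."""
    m = re.match(r"OpenSSL (\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        return None
    return tuple(int(part) for part in m.groups()) >= MIN_OPENSSL


def tls13_only_context():
    """Client context that refuses anything below TLS 1.3."""
    if not ssl.HAS_TLSv1_3:  # the probing client depends on its own TLS library too
        raise RuntimeError("this Python is linked against a library without TLS 1.3")
    ctx = ssl.create_default_context()  # verifies the certificate and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def probe_smtp(host, port=25):
    """Negotiated version after STARTTLS; raises if the TLS 1.3 handshake fails."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=tls13_only_context())
        return smtp.sock.version()


def probe_pop3(host, port=110):
    """Negotiated version after STLS; raises if the TLS 1.3 handshake fails."""
    pop = poplib.POP3(host, port, timeout=10)
    try:
        pop.stls(context=tls13_only_context())
        return pop.sock.version()
    finally:
        pop.close()


if __name__ == "__main__":
    # Constructed sample banners, not output captured from any server.
    for banner in ("OpenSSL 1.0.2k-fips  26 Jan 2017", "OpenSSL 1.1.1  11 Sep 2018"):
        print(banner, "->", openssl_supports_tls13(banner))
    # On your own server: print(probe_smtp("mail.example.org"))  # hypothetical host
```

The probes also raise when the client cannot verify the server certificate, so run them against the host name that certificate was issued for.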