This documentation is for Dovecot v1.x, see wiki2 for v2.x documentation.
Differences between revisions 4 and 6 (spanning 2 versions)
Revision 4 as of 2008-05-12 11:26:08
Size: 4977
Editor: ppp59-167-49-77
Comment: documented ssl_cert_username_field
Revision 6 as of 2008-08-29 15:02:19
Size: 4996
Editor: TimoSirainen
Comment:
Deletions are marked like this. Additions are marked like this.
Line 60: Line 60:
By default Dovecot allows all but the "LOW" SSL ciphers. See http://www.openssl.org/docs/apps/ciphers.html for a list of the ciphers. Disallowing more won't really gain any security for those using better ciphers, but it does prevent people from accidentally using insecure ciphers. You may want to drop also the SSLv2 ciphers: By default Dovecot v1.1+ allows all except the "LOW" and SSLv2 ciphers. See http://www.openssl.org/docs/apps/ciphers.html for a list of the ciphers. Disallowing more won't really gain any security for those using better ciphers, but it does prevent people from accidentally using insecure ciphers. You can change the cipher list with:
Line 89: Line 89:
The CA file should contain the CA certificate(s), in PEM format, followed by the matching CRL(s), also in PEM format. Note that the CRLs are required to exist. To convert a DER format CRL like, http://crl.cacert.org/class3-revoke.crl, into PEM format, `openssl crl -in class3-revoke.crl -inform DER -outform PEM > class3-revoke.pem`. The CA file should contain the CA certificate(s), in PEM format, followed by the matching CRL(s), also in PEM format. Note that the CRLs are required to exist. To convert a DER format CRL (e.g. http://crl.cacert.org/class3-revoke.crl) into PEM format, use:

{{{
openssl crl -in class3-revoke.crl -inform DER -outform
PEM > class3-revoke.pem
}}}

Dovecot SSL configuration

The most important settings are:

ssl_disable = no
# Preferred permissions: root:root 0444
ssl_cert_file = /etc/ssl/certs/dovecot.pem
# Preferred permissions: root:root 0400
ssl_key_file = /etc/ssl/private/dovecot.pem

The certificate file can be world-readable, since it doesn't contain anything sensitive (in fact it's sent to each connecting SSL client). The key file's permissions should be restricted to only root (and possibly ssl-certs group or similar if your OS uses such). Dovecot opens both of these files while still running as root, so you don't need to give Dovecot any special permissions to read them (in fact: do not give dovecot user any permissions to the key file).

It's possible to keep the certificate and the key both in the same file:

# Preferred permissions: root:root 0400
ssl_cert_file = /etc/ssl/dovecot.pem
ssl_key_file = /etc/ssl/dovecot.pem

It's also possible to use different certificates for IMAP and POP3:

protocol imap {
  ssl_cert_file = /etc/ssl/certs/imap.pem
  ssl_key_file = /etc/ssl/private/imap.pem
}
protocol pop3 {
  ssl_cert_file = /etc/ssl/certs/pop3.pem
  ssl_key_file = /etc/ssl/private/pop3.pem
}

Password protected key files

SSL key files may be password protected. There are two ways to provide Dovecot with the password:

  1. ssl_key_password setting. Note that dovecot.conf is by default world-readable, so you should restrict the permissions more if you do this. However note that if you're using [:LDA:Dovecot LDA], it needs to be able to read dovecot.conf as whatever user it is running as.

  2. Starting Dovecot with dovecot -p asks the password. It's not stored anywhere, so this method prevents Dovecot from starting automatically at startup.

Chained SSL certificates

Put all the certificates in the ssl_cert_file file. For example when using a certificate signed by TDC the correct order is:

  1. Dovecot's public certificate
  2. TDC SSL Server CA
  3. TDC Internet Root CA
  4. Globalsign Partners CA

SSL security settings

When Dovecot starts up for the first time, it generates new 512bit and 1024bit Diffie Hellman parameters and saves them into <prefix>/var/lib/dovecot/ssl-parameters.ssl. After the initial creation they're by default regenerated every week. With newer computers the generation shouldn't take more than a few seconds, but with older computers it can take as long as half an hour. The extra security gained by the regeneration is quite small, so with slower computers you might want to disable it:

ssl_parameters_regenerate = 0

By default Dovecot v1.1+ allows all except the "LOW" and SSLv2 ciphers. See http://www.openssl.org/docs/apps/ciphers.html for a list of the ciphers. Disallowing more won't really gain any security for those using better ciphers, but it does prevent people from accidentally using insecure ciphers. You can change the cipher list with:

ssl_cipher_list = ALL:!LOW:!SSLv2

SSL verbosity

verbose_ssl = yes

This will make Dovecot log all the problems it sees with SSL connections. Some errors might be caused by dropped connections, so it could be quite noisy.

Client certificate verification/authentication

If you want to require clients to present a valid SSL certificate, you'll need these settings:

ssl_ca_file = /etc/ssl/ca.pem
ssl_verify_client_cert = yes

auth default {
  ssl_require_client_cert = yes
  #ssl_username_from_cert = yes
  ..
}

The CA file should contain the CA certificate(s), in PEM format, followed by the matching CRL(s), also in PEM format. Note that the CRLs are required to exist. To convert a DER format CRL (e.g. http://crl.cacert.org/class3-revoke.crl) into PEM format, use:

openssl crl -in class3-revoke.crl -inform DER -outform PEM > class3-revoke.pem

With the above settings if a client connects which doesn't present a certificate signed by one of the CAs in the ssl_ca_file, Dovecot won't let the user log in.

You may also force the username to be taken from the certificate by setting ssl_username_from_cert = yes. The username is taken from the subject's DN's CommonName field (using OpenSSL's X509_NAME_get_text_by_NID() function). Using ssl_cert_username_field = fieldname you can set which fieldname is used for a username (as of v1.1.alpha5 or later). This uses OpenSSL's OBJ_txt2nid() function. x500UniqueIdentifier is a common choice however fgrep LN_ /usr/include/openssl/objects.h should give a full list if you have a OpenSSL development package installed.

You may also want to disable the password checking completely. Doing this currently circumvents Dovecot's security model so it's not very recommended to use it, but it is possible by making the [:PasswordDatabase:passdb] return a NULL/empty password depending on what passdb you use.

None: SSL/DovecotConfiguration (last edited 2011-03-21 15:56:28 by TimoSirainen)