Commit b205fadd authored by Mickaël Guessant

Doc: Add TLS settings documentation from support request #289

git-svn-id: https://svn.code.sf.net/p/davmail/code/trunk@2462 3d1905a2-6b24-0410-a738-b14d5a86fcbd
parent 4db235d0
......@@ -50,6 +50,17 @@ davmail.ssl.keystorePass=password]]></source>
You will also need to enable SSL in client applications and manually accept the certificate as it's
not signed by a trusted Certification Authority.
</p>
<p><b>Improving DavMail TLS listener security level</b></p>
<p>In order to improve TLS security, DavMail internally forces the following parameters:
</p>
<source>jdk.tls.rejectClientInitiatedRenegotiation=true
jdk.tls.ephemeralDHKeySize=2048</source>
<p>As DavMail is a java application, you can further improve security level means by java security properties.
Edit jre/lib/security/java.security and adjust the following line to your requirements:
</p>
<source>jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize &lt; 768, EC keySize &lt; 224</source>
<p>Alternative: create a custom java.security file with the above line and tell DavMail to use it:</p>
<source>-Djava.security.properties=<i>/path/to/java.security</i></source>
</subsection>
<subsection name="DavMail to Exchange">
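Review bot: In the added `jdk.tls.disabledAlgorithms` source block, the sample value still permits DH keys down to 768 bits (`DH keySize &lt; 768`), which is inconsistent with the `jdk.tls.ephemeralDHKeySize=2048` that the paragraph just above says DavMail forces, and the text only says to adjust the line "to your requirements" without indicating what a tighter setting looks like. Consider showing a hardened value (for example raising the DH bound to match the 2048-bit ephemeral size) or stating explicitly that the line shown is a starting point to be tightened. The sentence "you can further improve security level means by java security properties" is also garbled; "you can further improve the security level through Java security properties" would read correctly. Finally, the `-Djava.security.properties=` line does not say where this option is set for DavMail, so a reader cannot apply the alternative from this section alone.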
......