Commit b205fadd authored by Mickaël Guessant

Doc: Add TLS settings documentation from support request #289

git-svn-id: https://svn.code.sf.net/p/davmail/code/trunk@2462 3d1905a2-6b24-0410-a738-b14d5a86fcbd
parent 4db235d0
...@@ -50,6 +50,17 @@ davmail.ssl.keystorePass=password]]></source> ...@@ -50,6 +50,17 @@ davmail.ssl.keystorePass=password]]></source>
You will also need to enable SSL in client applications and manually accept the certificate as it's You will also need to enable SSL in client applications and manually accept the certificate as it's
not signed by a trusted Certification Authority. not signed by a trusted Certification Authority.
</p> </p>
<p><b>Improving DavMail TLS listener security level</b></p>
<p>In order to improve TLS security, DavMail internally forces the following parameters:
</p>
<source>jdk.tls.rejectClientInitiatedRenegotiation=true
jdk.tls.ephemeralDHKeySize=2048</source>
<p>As DavMail is a java application, you can further improve security level means by java security properties.
Edit jre/lib/security/java.security and adjust the following line to your requirements:
</p>
<source>jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize &lt; 768, EC keySize &lt; 224</source>
<p>Alternative: create a custom java.security file with the above line and tell DavMail to use it:</p>
<source>-Djava.security.properties=<i>/path/to/java.security</i></source>
</subsection> </subsection>
<subsection name="DavMail to Exchange"> <subsection name="DavMail to Exchange">
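Review bot: The sample value in the added jdk.tls.disabledAlgorithms line only rejects DH keys below 768 bits, while the same section states that DavMail already forces jdk.tls.ephemeralDHKeySize=2048. The text says to "adjust the following line to your requirements" without saying whether the line shown is a recommended setting or only the starting point to tighten. Suggest saying which it is and showing a stricter value consistent with the forced setting, for example "DH keySize < 2048". The added paragraph also tells readers to edit jre/lib/security/java.security before offering the -Djava.security.properties alternative; it would help to say where that option is passed when launching DavMail, since the second approach leaves the shared JRE file untouched. Wording nit in the same paragraph: "you can further improve security level means by java security properties" should read something like "you can further improve the security level through Java security properties".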
......