
2014-10-13 13:40:47

Cipher logging for Dovecot on RHEL / CentOS 5

RHEL / CentOS 5 ships Dovecot 1.0.7. In this version you cannot use '%k' as a variable in login_log_format_elements, because that feature is only available since Dovecot 1.1.3.

If you configure a specific cipher suite, e.g. for Forward Secrecy, you therefore can't see in the logs whether it is actually negotiated, because appending '%k' to login_log_format_elements is not possible. You can use a small test script to check which ciphers the server supports, but you can't "see" which ciphers real-world IMAP clients use on your Dovecot server.

To enable cipher logging in the RHEL 5 Dovecot you must recompile / rebuild it. I made a backport of commit 0177096cefe5 from Dovecot 1.1.3 to Dovecot 1.0.7. My patch makes only minimal modifications to the package source. You can also use my Source RPM package with the built-in patch to quickly rebuild Dovecot yourself.

Update 2015-08-09: The package is included in the tuxad repo.
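Once '%k' is logged, the login lines can be tallied to see which ciphers real clients negotiate and which logins lack forward secrecy. The following is an added example, not code from this post or from Dovecot: it assumes '%k' was appended to login_log_format_elements and expands to "<protocol> with cipher <name> (<used>/<total> bits)", and the log lines, user names and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (assumed layout with '%k' appended to
# login_log_format_elements; users and addresses are made up).
SAMPLE_LOG = """\
Oct 13 13:01:02 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 13 13:02:17 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.20, lip=192.0.2.1, TLS, TLSv1 with cipher AES128-SHA (128/128 bits)
Oct 13 13:03:40 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 13 13:04:05 mail dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Oct 13 13:05:59 mail dovecot: pop3-login: Login: user=<dave>, method=PLAIN, rip=192.0.2.30, lip=192.0.2.1, TLS, SSLv3 with cipher RC4-MD5 (128/128 bits)
"""

# Matches the user, remote IP and the assumed '%k' expansion on one login line.
LOGIN_RE = re.compile(
    r"user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[^,\s]+)"
    r".*?(?P<proto>(?:SSL|TLS)v[\d.]+) with cipher (?P<cipher>[\w-]+) "
    r"\((?P<bits>\d+)/\d+ bits\)"
)

# OpenSSL names for suites with ephemeral (EC)DH key exchange start with these.
PFS_PREFIXES = ("DHE-", "EDH-", "ECDHE-")


def parse_logins(text):
    """Return one dict per login line that carries cipher information."""
    matches = (LOGIN_RE.search(line) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def summarize(text):
    """Count (protocol, cipher) pairs and list logins without forward secrecy."""
    logins = parse_logins(text)
    counts = Counter((l["proto"], l["cipher"]) for l in logins)
    no_pfs = [l for l in logins if not l["cipher"].startswith(PFS_PREFIXES)]
    return counts, no_pfs


if __name__ == "__main__":
    counts, no_pfs = summarize(SAMPLE_LOG)
    for (proto, cipher), n in counts.most_common():
        print(f"{n:5d}  {proto:8s} {cipher}")
    for l in no_pfs:
        print(f"no forward secrecy: user={l['user']} rip={l['rip']} "
              f"{l['proto']} {l['cipher']}")
```

Lines without a cipher string, such as the local "secured" login in the sample, are skipped rather than counted.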

Posted by Frank W. Bergmann | Permanent link | File under: logging, ssl, encryption, rpm, yum, repository, redhat