[Dovecot] SSL Ciphers

John Wentworth john at sysful.com
Fri Apr 23 17:49:01 EEST 2004


I have dovecot running as a pop3s server on port 995

it works great with sendmail
and 
I run nessus to check security issues
nessus reports this
The SSLv2 server offers 3 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a 
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary

I have previously disabled weak ciphers in apache 
but cannot figure out how to disable the weak ciphers in
dovecot
Any help would be appreciated

john
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dovecot.org/pipermail/dovecot/attachments/20040423/fe036c98/attachment-0002.html>


More information about the dovecot mailing list