[Dovecot] Suggestion for dovecot default SSL configuration...
tss at iki.fi
Fri Aug 11 04:53:06 EEST 2006
On Mon, 2006-07-24 at 13:48 -0700, Douglas Moore wrote:
> First off, thanks for the effort on this software, it's a world
> better than the uw-imap that I used to have to deal with...
> This isn't a bug report per se, but rather a response to something
> that came up during some recent security scans. Given that SSLv2
> has it's share of issues, I'd like to suggest that you remove it from
> the default ciphers supplied with the source distribution. A
> simple :!SSLv2 added to the default cipher list would aid in the
> overall security of the package.
I'm not an expert in SSL, so I'd rather be sure that it's actually more
helpful than harmful. Does something still use SSLv2? If I do the
change, I guess the only thing it does is to break those clients that
still try to use it? Is its security already bad enough that it's just
better to break them?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20060811/fd1b9b3f/attachment-0001.pgp
More information about the dovecot