[Dovecot] How do I make dovecot not use sslv2 for pop?

Timo Sirainen tss at iki.fi
Fri Jan 29 02:22:31 EET 2010


On Thu, 2010-01-28 at 15:23 -0800, Patrick Horgan wrote:

> Just a bump, still have the problem, why would dovecot support sslv2 for 
> pop, but not for imap, when it's configured to not support sslv2 at all?

I don't know why your nmap run would have shown only one of them
supporting SSLv2, it should have shown both. And that's because I
initialize OpenSSL with:

	ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv23_server_method());

So I guess what happens is that OpenSSL advertises that it supports
SSLv2. But then the ssl_cipher_list's !SSLv2 doesn't let the SSLv2
handshake actually go through. So it's not really possible to use SSLv2.
You can verify this with:

openssl s_client -ssl2 -connect localhost:995

Anyway.. I guess I should do something about this. Not really sure what,
though.

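Added example, not part of the original message or of Dovecot's code: a scanner reporting "SSLv2 supported" and a usable SSLv2 handshake are different findings, so this classifies the first record a server returns to an SSLv2 CLIENT-HELLO. The byte layouts follow the SSL 2.0 specification; the function names and the sample records are constructed for illustration, not captured from a Dovecot server.

```python
import struct

SSL2_MT_ERROR, SSL2_MT_SERVER_HELLO = 0, 4   # SSL 2.0 handshake message types
SSL2_PE_NO_CIPHER = 0x0001                   # SSL 2.0 NO-CIPHER-ERROR code


def classify_reply(data: bytes) -> str:
    """Classify the first record a server sends back to an SSLv2 CLIENT-HELLO."""
    if len(data) < 3:
        return "no usable reply"
    # SSLv3/TLS record: content type 0x15 (alert) or 0x16 (handshake), major version 3.
    if data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "SSLv3/TLS record: SSLv2 not negotiated"
    # SSLv2 handshake records use the 2-byte header: high bit set, 15-bit length.
    if not data[0] & 0x80:
        return "not an SSLv2 record"
    length = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + length]
    if not body or len(body) < length:
        return "truncated SSLv2 record"
    if body[0] == SSL2_MT_ERROR and len(body) >= 3:
        (code,) = struct.unpack(">H", body[1:3])
        if code == SSL2_PE_NO_CIPHER:
            return "SSLv2 spoken, handshake refused: no cipher"
        return f"SSLv2 spoken, handshake refused: error 0x{code:04x}"
    if body[0] == SSL2_MT_SERVER_HELLO and len(body) >= 11:
        # session-id-hit, certificate-type, version, then three 16-bit lengths
        _hit, _ctype, version, _cert_len, specs_len, _conn_len = struct.unpack(
            ">BBHHHH", body[1:11])
        if version != 0x0002:
            return "not an SSLv2 SERVER-HELLO"
        if specs_len == 0:
            return "SSLv2 advertised, no ciphers: handshake cannot complete"
        return f"SSLv2 usable: {specs_len // 3} cipher spec(s) offered"
    return "unrecognised SSLv2 message"


def _record(body: bytes) -> bytes:           # wrap a body in the 2-byte SSLv2 header
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body

def _hello(specs: bytes) -> bytes:           # constructed SERVER-HELLO, certificate omitted
    return _record(bytes([4, 0, 1]) + struct.pack(">HHHH", 2, 0, len(specs), 16)
                   + specs + bytes(16))

SAMPLES = {                                  # constructed records, not real captures
    "hello_no_ciphers": _hello(b""),
    "hello_one_cipher": _hello(bytes([0x01, 0x00, 0x80])),
    "error_no_cipher": _record(bytes([0, 0x00, 0x01])),
    "tls_alert": bytes([0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x28]),
}
```

Only the "SSLv2 usable" result means a client could actually complete an SSLv2 handshake; the other SSLv2 results show the protocol being spoken without a working cipher.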

