[Dovecot] How do I make dovecot not use sslv2 for pop?
Rob Middleton
robm-dovecot at centenary.org.au
Fri Jan 29 15:48:49 EET 2010
On 29/01/2010 6:56 PM, Timo Sirainen wrote:
> On 29.1.2010, at 9.23, Andreas Schulze wrote:
>
>>> From: Timo Sirainen<tss at iki.fi>
>>> Subject: Re: [Dovecot] How do I make dovecot not use sslv2 for pop?
>>> Message-ID:<1264724551.22202.139.camel at hurina>
>>>
>>> Anyway.. I guess I should do something about this. Not really sure what,
>>> though.
>>>
>> Timo,
>>
>> you can simply stop supporting SSLv2.
>> Nobody really needs security known to be insecure.
>>
> Yeah. I'm actually more wondering about SSLv3+TLSv1 vs. TLSv1. Apparently disabling SSLv3 isn't a good idea yet? But still, maybe there should be a configuration option for that.. Or maybe not.
>
The only SSLv3 connections my server is receiving are from a Blackberry
server (hosted, not enterprise). I would be quite happy to disable that
and insist folk get iPhones instead ... but the bosses may be unhappy.
I don't have anything ancient like Outlook Express connecting to me -
older versions of that probably have a similar problem to Internet
Explorer 6. However should at least cope with SSLv3.
Blackberry server is connecting as: "SSLv3 with cipher AES128-SHA
(128/128 bits)"
(%k in dovecot login_log_format_elements)
Rob.
More information about the dovecot
mailing list