[Dovecot] How do I make dovecot not use sslv2 for pop?
Patrick Horgan
patrick at ootbcomp.com
Sat Jan 30 04:39:40 EET 2010
Timo Sirainen wrote:
> So I guess what happens is that OpenSSL advertises that it supports
> SSLv2. But then the ssl_cipher_list's !SSLv2 doesn't let the SSLv2
> handshake actually go through. So it's not really possible to use SSLv2.
> You can verify this with:
>
> openssl s_client -ssl2 -connect localhost:995
>
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Out of the Box
Computing/CN=ootbcomp.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Out of the Box
Computing/CN=ootbcomp.com
verify return:1
10171:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher
list:s2_clnt.c:450:
So you're saying that because the last line shows the cipher list
stopping it, then the security problems with sslv2 can't bite me?
Patrick
More information about the dovecot
mailing list