[Dovecot] disabling SSLv2 in dovecot 1.2.17

Mark Alan varia at e-healthexpert.org
Fri Mar 9 11:35:17 EET 2012


On Thu, 08 Mar 2012 19:04:47 +0000, Steve Platt
<steve.platt at mrc-bsu.cam.ac.uk> wrote:

> I've set up a list of ciphers that excludes SSLv2 ciphers (and other
> weak ones) in the hope of preventing SSLv2 connections:
> 
>  ssl_cipher_list = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES : @STRENGTH
> 
> I tried making the same change to dovecot1's src tree on our test
> system and it seems to have the desired effect;

No need to change sources.
Try this and see if it serves your purpose:

ssl = required
ssl_cipher_list = HIGH:!SSLv2:!aNULL:!MD5:!DES:!3DES

M.
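
An added example, not part of the original message or of Dovecot: a Python check that expands the reply's cipher string (written here with ':' between every term) and reports any enabled suite that is SSLv2, anonymous, unencrypted, DES, 3DES or MD5-based. It assumes the OpenSSL build linked into Python stands in for the one Dovecot uses; the function names and the sample line are constructed for illustration.

```python
import ssl

# The reply's cipher string, written with ':' between every term.
REPLY_CIPHERS = "HIGH:!SSLv2:!aNULL:!MD5:!DES:!3DES"

# Fields of OpenSSL's cipher description that the string is meant to exclude.
WEAK_FIELDS = [
    ("Au=None", "anonymous (aNULL)"),
    ("Enc=None", "unencrypted (eNULL)"),
    ("Enc=DES(", "single DES"),
    ("Enc=3DES(", "3DES"),
    ("Mac=MD5", "MD5 MAC"),
]

def weaknesses(description):
    """Return the reasons one `openssl ciphers -v` style line is unwanted."""
    fields = description.split()
    reasons = ["SSLv2 suite"] if len(fields) > 1 and fields[1] == "SSLv2" else []
    reasons += [why for marker, why in WEAK_FIELDS if marker in description]
    return reasons

def expand(cipher_string):
    """Expand a cipher string with the OpenSSL build linked into Python."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if no suite matches
    return ctx.get_ciphers()

def audit(cipher_string):
    """Map suite name -> reasons, for every unwanted suite the string enables."""
    report = {}
    for suite in expand(cipher_string):
        reasons = weaknesses(suite["description"])
        if reasons:
            report[suite["name"]] = reasons
    return report

# Constructed sample line (not output from the page) describing an SSLv2 suite.
SAMPLE_SSLV2 = "DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5"

if __name__ == "__main__":
    print(len(expand(REPLY_CIPHERS)), "suites enabled")
    print("unwanted:", audit(REPLY_CIPHERS) or "none")
    print("sample:", weaknesses(SAMPLE_SSLV2))
```

An empty report only describes the local OpenSSL build; run the check on the mail server itself to see what its library would enable.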


