[PATCH] Add support for lower TLS version than default

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Sun Aug 27 13:46:59 EEST 2017


On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss at iki.fi> wrote:
>> 	DEF(SET_STR, ssl_protocols),
>> 	DEF(SET_STR, ssl_cert_username_field),
>> 	DEF(SET_STR, ssl_crypto_device),
>> +	DEF(SET_STR, ssl_lowest_version),
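Review bot: the new ssl_lowest_version entry sits directly beside ssl_protocols in this DEF list, and nothing in the visible hunk says which setting wins when both are given and disagree (for example, ssl_protocols excluding a version that ssl_lowest_version would allow). Document the precedence alongside the setting. Because it is declared SET_STR, also validate the value against the known version names when the configuration is checked.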
>
>Does it really require a new setting? Couldn't it use the existing
>ssl_protocols setting?

You need to set a minimal version. SSL_PROTOCOLS can be set to tls1.0 and tls1.2, which avoids tls1.1. Not saying that it is a good thing to do. Also you set it to not do sslv2 and sslv3, which then enables tls1.0+.
If you want to change its definition to use it as a minimal version, be my guest. Or if you plan to scan the string and match for the lowest version then this could work, too.

Sebastian
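
The string-scanning idea from the reply above, as an added example (not part of the original message or of Dovecot's code): it parses an ssl_protocols-style list, reports the lowest enabled version and flags a skipped version such as tls1.1. The list semantics ('!' disables a version; any positive entry leaves only the listed versions enabled) and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Version names in ascending order; bit i of a mask stands for NAMES[i]. */
static const char *const NAMES[] = { "SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
enum { NPROTO = 5, ALL = (1 << NPROTO) - 1 };

/* Bitmask of the versions a list such as "!SSLv2 !SSLv3" leaves enabled
 * (semantics assumed, not taken from Dovecot); -1 on an unknown token. */
int enabled_mask(const char *setting)
{
    char buf[128];
    int include = 0, exclude = 0;
    if (strlen(setting) >= sizeof(buf)) return -1;
    strcpy(buf, setting);
    for (char *tok = strtok(buf, " ,"); tok != NULL; tok = strtok(NULL, " ,")) {
        int neg = (*tok == '!'), i = 0;
        while (i < NPROTO && strcasecmp(tok + neg, NAMES[i]) != 0) i++;
        if (i == NPROTO) return -1;
        if (neg) exclude |= 1 << i; else include |= 1 << i;
    }
    if (include != 0)   /* positive entries: only the listed ones stay on */
        exclude |= ALL & ~include;
    return ALL & ~exclude;
}

/* Index into NAMES of the lowest enabled version, or -1 if none is enabled. */
int lowest_version(int mask)
{
    for (int i = 0; mask > 0 && i < NPROTO; i++)
        if (mask & (1 << i)) return i;
    return -1;
}

/* 1 if a disabled version lies between the lowest and highest enabled ones. */
int has_gap(int mask)
{
    if (mask <= 0) return 0;
    int span = mask / (mask & -mask); /* shift the lowest set bit to bit 0 */
    return (span & (span + 1)) != 0;  /* a contiguous run looks like 0b0111 */
}

int main(void)
{
    int m = enabled_mask("TLSv1 TLSv1.2");   /* constructed sample value */
    printf("lowest=%s gap=%d\n", NAMES[lowest_version(m)], has_gap(m));
    return 0;
}
```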

