[PATCH] Add support for lower TLS version than default
Aki Tuomi
aki.tuomi at dovecot.fi
Sun Aug 27 13:47:50 EEST 2017
On 2017-08-27 13:46, Sebastian Andrzej Siewior wrote:
> On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss at iki.fi> wrote:
>>> DEF(SET_STR, ssl_protocols),
>>> DEF(SET_STR, ssl_cert_username_field),
>>> DEF(SET_STR, ssl_crypto_device),
>>> + DEF(SET_STR, ssl_lowest_version),
>> Does it really require a new setting? Couldn't it use the existing
>> ssl_protocols setting?
> You need to set a minimal version. SSL_PROTOLS can be set tls1.0 and tls1.2 which avoids tls1.1. Not saying that it is a good thing to do. Also you set it to not do sslv2 and sslv3 which then enables tls1.0+.
> If you want change its definition to use as a minimal version, be my guest. Or if you plan to scan the string and match for the lowest version then this could work, too.
>
> Sebastian
Yes, that was the plan.
Aki
More information about the dovecot
mailing list