Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
Steve Egbert
s.egbert at sbcglobal.net
Sun May 10 02:18:09 EEST 2020
>> I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.
>
> There is no need to disable TLSv1.3 and attempts to do so will be flagged as “downgrade attacks”.
Let us ignore TLSv1.2 as a downgrade option and focus on TLSv1.3 for
the entirety of this thread.
If the ciphersuite (not cipher, for that's a TLSv1.2 term), but a
ciphersuite for TLSv1.3... needs to have its set of ciphers:
* reordered, or
* disabled
We cannot do it at the moment given this snapshot of Dovecot.
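
The following is an added example, not part of the original post and not Dovecot code. It assumes the limitation comes from the underlying OpenSSL behaviour, where the classic cipher-list string governs only TLSv1.2 and earlier while TLSv1.3 ciphersuites are held in a separate list; Python's `ssl` module exposes the same split, so it is used here to check it. The function names are hypothetical.

```python
import ssl


def suites_by_protocol(ctx):
    """Group the context's enabled suites by the protocol that introduced them."""
    grouped = {}
    for suite in ctx.get_ciphers():
        grouped.setdefault(suite["protocol"], []).append(suite["name"])
    return grouped


def restrict_cipher_list(cipher_string="ECDHE-RSA-AES256-GCM-SHA384"):
    """Apply a TLSv1.2-style cipher string and report what changed.

    Returns (before, after) dictionaries keyed by protocol name.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    before = suites_by_protocol(ctx)
    # set_ciphers() feeds the OpenSSL cipher-list string; the Python
    # documentation notes that TLS 1.3 suites cannot be disabled this way.
    ctx.set_ciphers(cipher_string)
    after = suites_by_protocol(ctx)
    return before, after


if __name__ == "__main__":
    before, after = restrict_cipher_list()
    for proto in sorted(set(before) | set(after)):
        print(proto)
        print("  before:", len(before.get(proto, [])), "suites")
        print("  after: ", after.get(proto, []))
```

An audit of a server's effective TLSv1.3 suites therefore has to inspect the negotiated or enabled suites directly rather than trust the configured cipher string.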