Re: dovecot on wheezy, best ssl configuration ?

Am 09.01.2015 um 22:30 schrieb ml@ruggedinbox.com:

On 2015-01-09 08:34, Charles Marcus wrote:

...

On 1/9/2015 3:06 AM, Philipp Resch wrote:

...

It seems as if claws mail is preferring SSLv3

And since dovecot is really not affected by the poodle vulnerability, if you can't upgrade (I believe 2.2 is in the backports repo?), probably easiest to just reenable SSLv3...

Hi thanks Charles and thanks to all for your help. We decided to reenable SSLv3. We'll upgrade Dovecot when Debian will officially dist upgrade to version 8 :)

update https://bugzilla.redhat.com/show_bug.cgi?id=1153970 http://git.claws-mail.org/?p=claws.git;a=commit;h=c6dc3e229f361f11ab4920d84b... http://git.claws-mail.org/?p=claws.git;a=patch;h=c6dc3e229f361f11ab4920d84bb...

From c6dc3e229f361f11ab4920d84bb11b5821bc4e86 Mon Sep 17 00:00:00 2001 From: Colin Leroy Date: Thu, 16 Oct 2014 14:35:46 +0200 Subject: [PATCH] Disable SSL3.0 entirely as a Poodle fix.

--- src/common/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/ssl.c b/src/common/ssl.c index f612299..569c808 100644 --- a/src/common/ssl.c +++ b/src/common/ssl.c @@ -323,7 +323,7 @@ gboolean ssl_init_socket(SockInfo *sockinfo) sockinfo->gnutls_priority, r); } else { - gnutls_priority_set_direct(session, "NORMAL", NULL); + gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL); } gnutls_record_disable_padding(session); -- 1.7.10.4 Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein