29 Jan 2010, 2:22 a.m.
On Thu, 2010-01-28 at 15:23 -0800, Patrick Horgan wrote:
> Just a bump, still have the problem, why would dovecot support sslv2 for pop, but not for imap, when it's configured to not support sslv2 at all?
I don't know why your nmap run would have shown only one of them supporting SSLv2, it should have shown both. And that's because I initialize OpenSSL with:
ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv23_server_method());
So I guess what happens is that OpenSSL advertises that it supports SSLv2. But then the ssl_cipher_list's !SSLv2 doesn't let the SSLv2 handshake actually go through. So it's not really possible to use SSLv2. You can verify this with:
openssl s_client -ssl2 -connect localhost:995
Anyway.. I guess I should do something about this. Not really sure what, though.
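
Added example, not part of the original message and not Dovecot or OpenSSL code: one way for an auditing tool to tell "SSLv2 is advertised" apart from "SSLv2 is actually usable" is to parse the server's first reply to an SSLv2 CLIENT-HELLO and count the cipher specs it offers. The function name, verdict names and sample bytes are hypothetical, and the sketch assumes that a server which only advertises SSLv2 answers with a SERVER-HELLO listing no cipher specs.

```c
#include <stddef.h>
#include <stdio.h>

/* Verdict on a server's first reply to an SSLv2 CLIENT-HELLO. */
enum sslv2_verdict {
    SSLV2_NOT_SPOKEN,      /* not a well-formed SSLv2 SERVER-HELLO */
    SSLV2_ADVERTISED_ONLY, /* SERVER-HELLO with no cipher specs: unusable */
    SSLV2_USABLE           /* SERVER-HELLO offering at least one cipher */
};

static size_t be16(const unsigned char *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Assumption: the reply uses the 2-byte SSLv2 record header (top bit set). */
enum sslv2_verdict classify_sslv2_reply(const unsigned char *buf, size_t len)
{
    size_t rec_len, cert_len, spec_len, conn_len;
    const unsigned char *m;
    if (len < 13 || !(buf[0] & 0x80))   /* header + 11 fixed message bytes */
        return SSLV2_NOT_SPOKEN;
    rec_len = be16(buf) & 0x7fff;
    if (rec_len < 11 || rec_len > len - 2)
        return SSLV2_NOT_SPOKEN;
    m = buf + 2;  /* m[0] type, m[1] session-id-hit, m[2] cert type, m[3..4] version */
    if (m[0] != 4 || be16(m + 3) != 0x0002)   /* 4 = SERVER-HELLO */
        return SSLV2_NOT_SPOKEN;
    cert_len = be16(m + 5);   /* certificate, cipher specs, connection id */
    spec_len = be16(m + 7);
    conn_len = be16(m + 9);
    if (spec_len % 3 != 0 || 11 + cert_len + spec_len + conn_len > rec_len)
        return SSLV2_NOT_SPOKEN;          /* cipher specs are 3 bytes each */
    return spec_len == 0 ? SSLV2_ADVERTISED_ONLY : SSLV2_USABLE;
}

/* Constructed replies with dummy certificate bytes, not captured traffic. */
static const unsigned char reply_no_ciphers[] = {
    0x80, 0x0f, 0x04, 0x00, 0x01, 0x00, 0x02, 0x00, 0x02,
    0x00, 0x00, 0x00, 0x02, 0xaa, 0xbb, 0x01, 0x02 };
static const unsigned char reply_one_cipher[] = {
    0x80, 0x12, 0x04, 0x00, 0x01, 0x00, 0x02, 0x00, 0x02,
    0x00, 0x03, 0x00, 0x02, 0xaa, 0xbb, 0x07, 0x00, 0xc0, 0x01, 0x02 };
static const unsigned char reply_tls_alert[] = { 0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x28 };

int main(void)
{
    printf("no ciphers: %d, one cipher: %d\n",
           classify_sslv2_reply(reply_no_ciphers, sizeof reply_no_ciphers),
           classify_sslv2_reply(reply_one_cipher, sizeof reply_one_cipher));
    return 0;
}
```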