23 Apr
2004
23 Apr
'04
4:51 p.m.
I have dovecot running as a pop3s server on port 995
it works great with sendmail and I run nessus to check security issues nessus reports this The SSLv2 server offers 3 strong ciphers, but also 0 medium strength and 2 weak "export class" ciphers. The weak/medium ciphers may be chosen by an export-grade or badly configured client software. They only offer a limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client software if necessary
I have previously disabled weak ciphers in apache but cannot figure out how to disable the weak ciphers in dovecot Any help would be appreciated
john