I have dovecot running as a pop3s server on port 
995
 
it works great with sendmail
and 
I run nessus to check security issues
nessus reports this
The SSLv2 server offers 3 strong ciphers, but 
also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium 
ciphers may be chosen by an export-grade
or badly configured client software. 
They only offer a 
limited protection against a brute force 
attack
 
Solution: disable those ciphers and upgrade your 
client
software if necessary
I have previously disabled weak ciphers in apache 
but cannot figure out how to disable the weak 
ciphers in
dovecot
Any help would be appreciated
 
john