9 Mar
2016
9 Mar
'16
2:14 p.m.
On 09/03/16 10:44, Florent B wrote:
Hi,
I don't see any SSL configuration option in Dovecot to disable "Client-initiated secure renegotiation".
It is advised to disable it as it can cause DDoS (CVE-2011-1473).
Is it possible to have this possibility through an SSL option or other ?
Thank you.
Florent ssl_protocols = !SSLv3 !SSLv2
Is that enough?