I have dovecot running as a pop3s server on port
995
it works great with sendmail
and
I run nessus to check security issues
nessus reports this
The SSLv2 server offers 3 strong ciphers, but
also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium
ciphers may be chosen by an export-grade
or badly configured client software.
They only offer a
limited protection against a brute force
attack
Solution: disable those ciphers and upgrade your
client
software if necessary
I have previously disabled weak ciphers in apache
but cannot figure out how to disable the weak
ciphers in
dovecot
Any help would be appreciated
john