18 Nov
2023
18 Nov
'23
11:54 p.m.
Steve Litt said on Sat, 18 Nov 2023 16:42:42 -0500
Hi all,
Ten years after the fact I learned about POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerabilities, which enable a poorly configured server to force my client to downgrade to vulnerable encryption.
My current conf.d/10-ssl.conf contains the following line:
[snip]
I forgot to say: I'm using Dovecot 2.3.21 on an up to date 64 bit x86_64 Void Linux computer using runit for its init system. I populate Dovecot's Maildir via fetchmail and procmail.
Thanks,
SteveT
Steve Litt
Autumn 2023 featured book: Rapid Learning for the 21st Century http://www.troubleshooters.com/rl21