10 May 2020, 2:18 a.m.
I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.
There is no need to disable TLSv1.3 and attempts to do so will be flagged as “downgrade attacks”.
Let us ignore TLSv1.2 as a downgrade option. And focus on TLSv1.3 for the entirety of this thread.
If the ciphersuite (not cipher, for that's a TLSv1.2 term), but a ciphersuite for TLSv1.3... needs to have its set of ciphers:
- Reordered, or
- Disabled
We cannot do it at the moment given this snapshot of Dovecot.
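The following is an added example, not part of the original post and not Dovecot code. It uses Python's `ssl` module as a stand-in for any OpenSSL-linked server to show why a cipher list alone cannot reorder or disable TLSv1.3 ciphersuites: OpenSSL keeps them in a separate list, set through `SSL_CTX_set_ciphersuites`, which the application has to expose. The cipher string and the function names are constructed for illustration.

```python
import ssl


def split_by_protocol(ctx):
    """Split the suites enabled on ctx into (TLSv1.3 names, older names)."""
    tls13, older = [], []
    for suite in ctx.get_ciphers():
        target = tls13 if suite["protocol"] == "TLSv1.3" else older
        target.append(suite["name"])
    return tls13, older


def audit_cipher_string(cipher_string):
    """Apply a cipher list and report which TLSv1.3 suites it left enabled.

    set_ciphers() maps to OpenSSL's cipher-list API, which governs
    TLSv1.2 and older only, so the TLSv1.3 entries are expected to come
    back unchanged in both membership and order.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    before13, _ = split_by_protocol(ctx)
    ctx.set_ciphers(cipher_string)
    after13, after_older = split_by_protocol(ctx)
    return {
        "has_tls13": ssl.HAS_TLSv1_3,
        "tls13_before": before13,
        "tls13_after": after13,
        "older_after": after_older,
        "tls13_untouched": before13 == after13,
    }


if __name__ == "__main__":
    # Constructed policy: AES-GCM with ECDHE only, a typical hardening string.
    report = audit_cipher_string("ECDHE+AESGCM")
    print("TLSv1.2 and older:", report["older_after"])
    print("TLSv1.3 (unaffected):", report["tls13_after"])
    print("TLSv1.3 list untouched by cipher string:", report["tls13_untouched"])
```

Running the audit against a deployed cipher string shows which TLSv1.3 suites a server built this way will still offer, whatever the TLSv1.2 policy says.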