25 Apr
2004
25 Apr
'04
11:37 p.m.
On Fri, 2004-04-23 at 17:51, John Wentworth wrote:
I have previously disabled weak ciphers in apache but cannot figure out how to disable the weak ciphers in dovecot Any help would be appreciated
Currently you'd have to edit src/login-common/ssl-proxy-openssl.c by hand. Default is #define SSL_CIPHER_LIST "ALL:!LOW". I guess Nessus has different idea of weak ciphers than OpenSSL. I'll add in TODO that this should be configurable in config file as well.