Bernardo Reino said on Sun, 19 Nov 2023 09:04:15 +0100 (CET)
On Sun, 19 Nov 2023, Steve Litt wrote:
Michael Orlitzky said on Sat, 18 Nov 2023 17:31:49 -0500
On Sat, 2023-11-18 at 16:54 -0500, Steve Litt wrote:
I forgot to say: I'm using Dovecot 2.3.21 on an up to date 64 bit x86_64 Void Linux computer using runit for its init system. I populate Dovecot's Maildir via fetchmail and procmail.
You probably don't have to do anything. SSLv2 and SSLv3 have been disabled by default in OpenSSL for a while, and my dovecot default is,
# doveconf -d | grep ssl_min_protocol
ssl_min_protocol = TLSv1.2
Nice! I'll make that change tomorrow. Thanks!
Note that the above is actually the *default*, at least in the Debian 12 (bookworm) version, so you should not have to do anything.
(and generally it is not recommended to deviate from defaults unless you really know what you're doing, otherwise you may end up actually worsening the security wrt the defaults).
Good luck.
Thanks Bernardo,
doveconf -d shows that I have no such config key as ssl_protocols, my ssl_min_protocol is TLSv1.2, and the default ssl_cipher_list is the following huge string:
ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
Is the preceding the safest and most bug free, or should I modify it in dovecot.conf?
Thanks,
SteveT
Steve Litt
Autumn 2023 featured book: Rapid Learning for the 21st Century http://www.troubleshooters.com/rl21
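
Added example, not part of the original thread: one way to see what the ssl_cipher_list quoted above actually enables is to expand it with the local OpenSSL and confirm that nothing the string excludes is still present. It assumes Python 3 with the standard ssl module; the names expand and excluded_but_present are made up for this sketch, and the listing depends on the OpenSSL build it runs against.

```python
import re
import ssl

# Cipher string quoted in the message above (as reported by doveconf -d).
DOVECOT_DEFAULT = ("ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:"
                   "!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH")

# OpenSSL describes each suite as "NAME PROTO Kx=.. Au=.. Enc=.. Mac=..".
FIELD = re.compile(r"\b(Kx|Au|Enc|Mac)=(\S+)")


def expand(cipher_string):
    """Return the suites the local OpenSSL enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    suites = []
    for c in ctx.get_ciphers():
        fields = dict(FIELD.findall(c["description"]))
        suites.append({"name": c["name"], "protocol": c["protocol"],
                       "bits": c["strength_bits"], **fields})
    return suites


def excluded_but_present(suites):
    """Names of enabled suites that match one of the string's exclusions."""
    bad = []
    for s in suites:
        kx, enc = s.get("Kx", ""), s.get("Enc", "")
        if (kx in ("RSA", "SRP") or "PSK" in kx
                or s.get("Au") in ("None", "DSS", "PSK")
                or enc == "None" or enc.startswith(("DES", "3DES", "RC4"))
                or s.get("Mac") == "MD5"):
            bad.append(s["name"])
    return bad


if __name__ == "__main__":
    suites = expand(DOVECOT_DEFAULT)
    for s in suites:
        print(f'{s["protocol"]:8} {s["bits"]:4} Kx={s.get("Kx", "?"):8} {s["name"]}')
    print("unexpected:", excluded_but_present(suites) or "none")
```

TLSv1.3 suites appear in the listing regardless of this string, because OpenSSL configures them separately from the TLSv1.2-and-earlier cipher list.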