I have dovecot running as a pop3s server on port 995.
It works great with sendmail, and I run nessus to check security issues. Nessus reports this:

The SSLv2 server offers 3 strong ciphers, but also 0 medium strength and 2 weak "export class" ciphers. The weak/medium ciphers may be chosen by an export-grade or badly configured client software. They only offer a limited protection against a brute force attack.
Solution: disable those ciphers and upgrade your client software if necessary.

I have previously disabled weak ciphers in apache but cannot figure out how to disable the weak ciphers in dovecot. Any help would be appreciated.
john
On Fri, 2004-04-23 at 17:51, John Wentworth wrote:
> I have previously disabled weak ciphers in apache but cannot figure out how to disable the weak ciphers in dovecot. Any help would be appreciated.

Currently you'd have to edit src/login-common/ssl-proxy-openssl.c by hand. Default is #define SSL_CIPHER_LIST "ALL:!LOW". I guess Nessus has a different idea of weak ciphers than OpenSSL. I'll add in TODO that this should be configurable in config file as well.
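
One way to see what a cipher string such as "ALL:!LOW" still admits is to audit the listing that `openssl ciphers -v` prints for it. The script below is an added example, not part of the original thread or of Dovecot; the sample rows are constructed in that command's column layout and the 128-bit threshold is an assumption.

```python
import re
import sys

# Constructed sample in the column layout printed by `openssl ciphers -v`
# on an OpenSSL build that still ships SSLv2 and export suites. It is not
# output captured from the server discussed in the thread.
SAMPLE = """\
DES-CBC3-MD5     SSLv2 Kx=RSA      Au=RSA Enc=3DES(168) Mac=MD5
RC4-MD5          SSLv2 Kx=RSA      Au=RSA Enc=RC4(128)  Mac=MD5
RC2-CBC-MD5      SSLv2 Kx=RSA      Au=RSA Enc=RC2(128)  Mac=MD5
EXP-RC4-MD5      SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40)   Mac=MD5 export
EXP-RC2-CBC-MD5  SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40)   Mac=MD5 export
"""

# Matches Enc=RC4(40), Enc=AESGCM(256) and the bit-less Enc=None of NULL suites.
ENC_RE = re.compile(r"Enc=([^\s(]+)(?:\((\d+)\))?")


def audit(listing, min_bits=128):
    """Return (name, protocol, bits, reasons) for each suite worth disabling.

    min_bits is an assumed policy threshold, not a value from the thread.
    """
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        enc = ENC_RE.search(line)
        if len(fields) < 3 or enc is None:
            continue  # blank line or something that is not a cipher row
        bits = int(enc.group(2)) if enc.group(2) else 0  # Enc=None -> 0 bits
        reasons = []
        if "export" in fields[2:]:
            reasons.append("export-grade")
        if bits < min_bits:
            reasons.append("%d-bit key" % bits)
        if reasons:
            findings.append((fields[0], fields[1], bits, reasons))
    return findings


if __name__ == "__main__":
    # Pipe real `openssl ciphers -v '<string>'` output in, or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, proto, bits, reasons in audit(text):
        print("%-20s %-6s %s" % (name, proto, ", ".join(reasons)))
```
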