Re: [Dovecot] How do I make dovecot not use sslv2 for pop?
You can simply stop supporting SSLv2. Nobody really needs security known to be insecure.
-- Andreas Schulze Internetdienste | P532
On 29.1.2010, at 9.23, Andreas Schulze wrote:
Yeah. I'm actually more wondering about SSLv3+TLSv1 vs. TLSv1. Apparently disabling SSLv3 isn't a good idea yet? But still, maybe there should be a configuration option for that.. Or maybe not.
On 29/01/2010 6:56 PM, Timo Sirainen wrote:
The only SSLv3 connections my server is receiving are from a Blackberry server (hosted, not enterprise). I would be quite happy to disable that and insist folk get iPhones instead ... but the bosses may be unhappy.
I don't have anything ancient like Outlook Express connecting to me - older versions of that probably have a similar problem to Internet Explorer 6. However should at least cope with SSLv3.
Blackberry server is connecting as: "SSLv3 with cipher AES128-SHA (128/128 bits)" (%k in dovecot login_log_format_elements)
Rob.
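The check Rob describes, finding which clients still negotiate SSLv2 or SSLv3 before turning them off, can be run over the login log once %k is in login_log_format_elements. This is an added example, not part of the original thread; the `rip=` field, the overall line layout and the sample lines are assumptions constructed for illustration, and only the "SSLv3 with cipher AES128-SHA (128/128 bits)" text comes from the message above.

```python
import re
from collections import Counter, defaultdict

# %k text as quoted in the thread: "SSLv3 with cipher AES128-SHA (128/128 bits)"
K_RE = re.compile(r"\b(SSLv\d|TLSv[\d.]+) with cipher (\S+) \((\d+)/(\d+) bits\)")
# Assumption: the login line also carries the remote address as rip=<addr>.
RIP_RE = re.compile(r"\brip=([0-9A-Fa-f:.]+)")
LEGACY = {"SSLv2", "SSLv3"}

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE_LOG = """\
Jan 29 18:50:01 mail dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLSv1 with cipher AES128-SHA (128/128 bits)
Jan 29 18:51:12 mail dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, SSLv3 with cipher AES128-SHA (128/128 bits)
Jan 29 18:52:40 mail dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, SSLv3 with cipher AES128-SHA (128/128 bits)
Jan 29 18:53:05 mail dovecot: pop3-login: Login: user=<carol>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1, SSLv2 with cipher DES-CBC3-MD5 (168/168 bits)
Jan 29 18:54:30 mail dovecot: pop3-login: Login: user=<dave>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.1
Jan 29 18:55:59 mail dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLSv1 with cipher AES128-SHA (128/128 bits)
"""

def summarize(lines):
    """Return (logins per protocol, remote addresses per legacy protocol)."""
    counts = Counter()
    legacy_clients = defaultdict(set)
    for line in lines:
        k = K_RE.search(line)
        if k is None:
            continue  # plaintext login, or %k not present on this line
        proto = k.group(1)
        counts[proto] += 1
        if proto in LEGACY:
            rip = RIP_RE.search(line)
            legacy_clients[proto].add(rip.group(1) if rip else "unknown")
    return counts, dict(legacy_clients)

if __name__ == "__main__":
    counts, legacy = summarize(SAMPLE_LOG.splitlines())
    for proto, n in counts.most_common():
        print(f"{proto:8} {n} logins")
    for proto, addrs in sorted(legacy.items()):
        print(f"{proto} still used by: {', '.join(sorted(addrs))}")
```

An empty legacy result over a representative log period is the signal that the old protocols can be switched off without locking anyone out.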
participants (3)
- Andreas Schulze
- Rob Middleton
- Timo Sirainen