[PATCH] ssl: fix reference to SSLv2 and disable SSLv3

15 Nov 2016

This is driven by the fact that OpenSSL 1.1 does not know about SSLv2 at
all and dovecot's defaults simply make OpenSSL error out with "Unknown
protocol 'SSLv2'"[1]. So we change the defaults to refer to SSLv2 iff OpenSSL
seems to know something about it.

While at it, it's also a good idea to disable SSLv3 by default as well.

[1] https://bugs.debian.org/844347

Signed-off-by: Apollon Oikonomopoulos 
---
 doc/example-config/conf.d/10-ssl.conf        | 2 +-
 src/lib-master/master-service-ssl-settings.c | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/doc/example-config/conf.d/10-ssl.conf b/doc/example-config/conf.d/10-ssl.conf
index 31b750c..2cd445b 100644
--- a/doc/example-config/conf.d/10-ssl.conf
+++ b/doc/example-config/conf.d/10-ssl.conf
@@ -46,7 +46,7 @@ ssl_key = 

    

Apollon Oikonomopoulos

Aki Tuomi

tags

participants (2)