Hi, I am Yoshi, Japanese.
I used
FreeBSD 10.1 Dovecot 2.2.15
I want pop3s, so I made
/usr/local/etc/dovecot/local.conf
ssl = yes
ssl_cert = </usr/local/etc/dovecot/server.pem
ssl_key = </usr/local/etc/dovecot/server.key
ssl_ca = </usr/local/etc/dovecot/ca.pem
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLV3:!EXP:!aNULL:!RC4
It works fine. But when I change it to
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!RC4
( SSLV3 -> SSLv3 )
I had trouble.
/var/log/maillog
Jan 6 05:41:53 example dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS handshaking, session=<5e9 zuO0LVwB+PO8D>
Is this a bug? Or did I miss a setting?
Thank you for reading.
Yoshi
On 05.01.2015 at 21:53, Yoshito Takeuchi wrote:
> I used
> FreeBSD 10.1 Dovecot 2.2.15
> I want pop3s, so I made
> /usr/local/etc/dovecot/local.conf
> ssl = yes
> ssl_cert = </usr/local/etc/dovecot/server.pem
> ssl_key = </usr/local/etc/dovecot/server.key
> ssl_ca = </usr/local/etc/dovecot/ca.pem
> ssl_protocols = !SSLv2 !SSLv3
> ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLV3:!EXP:!aNULL:!RC4
> It works fine. But when I change it to
> ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!RC4
> ( SSLV3 -> SSLv3 )
> I had trouble.
> /var/log/maillog
> Jan 6 05:41:53 example dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS handshaking, session=<5e9 zuO0LVwB+PO8D>
> Is this a bug? Or did I miss a setting?
!SSLV3 was wrong and not recognized. !SSLv3 is recognized but bullshit, since you want to disable SSLv3 but not all ciphers which are still valid for newer TLS versions.
you do that already correctly with "ssl_protocols"
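
Added example, not part of the original thread: the three cipher strings from the messages above, expanded with Python's ssl module to show that the misspelled !SSLV3 token is ignored while !SSLv3 removes whole cipher suites rather than a protocol version. Which suites are listed depends on the OpenSSL build Python is linked against; the function and constant names are assumptions of this example.

```python
import ssl

# Cipher strings taken from the thread.
TYPO = "ALL:!LOW:!SSLv2:!SSLV3:!EXP:!aNULL:!RC4"      # first config, worked
EXCLUDE = "ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!RC4"   # second config, handshakes failed
FINAL = "ALL:!LOW:!SSLv2:!EXP:!aNULL:!RC4"            # final config


def expand(cipher_string):
    """Return {suite name: protocol tag} as the local OpenSSL expands the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return {c["name"]: c["protocol"] for c in ctx.get_ciphers()}


def typo_is_ignored():
    """True if the unknown token '!SSLV3' has no effect on the resulting list."""
    return expand(TYPO) == expand(FINAL)


def dropped_by_sslv3_token():
    """Suites that disappear once '!SSLV3' is spelled '!SSLv3'."""
    before, after = expand(TYPO), expand(EXCLUDE)
    return {name: proto for name, proto in before.items() if name not in after}


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    print("misspelled token ignored:", typo_is_ignored())
    for name, proto in sorted(dropped_by_sslv3_token().items()):
        print(f"removed by !SSLv3: {name:32} tagged {proto}")
    # Clients that cannot negotiate any suite left in this list fail during
    # the TLS handshake, as in the maillog line quoted in the thread.
    print("tags still offered:", sorted(set(expand(EXCLUDE).values())))
```

The protocol version itself is restricted by ssl_protocols, as the reply says; the cipher list only selects suites.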
Hi Reindl Harald
Thank you for your reply. I got it.
I changed my /usr/local/etc/dovecot/local.conf as below.
ssl = yes
ssl_cert = </usr/local/etc/dovecot/server.pem
ssl_key = </usr/local/etc/dovecot/server.key
ssl_ca = </usr/local/etc/dovecot/ca.pem
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!RC4
It works fine.
Thank you again
Yoshi
2015-01-06 5:59 GMT+09:00 Reindl Harald <h.reindl@thelounge.net>:
> On 05.01.2015 at 21:53, Yoshito Takeuchi wrote:
>> I used
>> FreeBSD 10.1 Dovecot 2.2.15
>> I want pop3s, so I made
>> /usr/local/etc/dovecot/local.conf
>> ssl = yes
>> ssl_cert = </usr/local/etc/dovecot/server.pem
>> ssl_key = </usr/local/etc/dovecot/server.key
>> ssl_ca = </usr/local/etc/dovecot/ca.pem
>> ssl_protocols = !SSLv2 !SSLv3
>> ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLV3:!EXP:!aNULL:!RC4
>> It works fine. But when I change it to
>> ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!RC4
>> ( SSLV3 -> SSLv3 )
>> I had trouble.
>> /var/log/maillog
>> Jan 6 05:41:53 example dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS handshaking, session=<5e9 zuO0LVwB+PO8D>
>> Is this a bug? Or did I miss a setting?
> !SSLV3 was wrong and not recognized. !SSLv3 is recognized but bullshit, since you want to disable SSLv3 but not all ciphers which are still valid for newer TLS versions.
> you do that already correctly with "ssl_protocols"