dovecot-2.0-sslstream: ssl_ciphers_list: Disable anonymous and e...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.0-sslstream/rev/c80eb856a742
changeset: 10113:c80eb856a742
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Oct 20 19:20:42 2009 -0400
description:
ssl_ciphers_list: Disable anonymous and export ciphers by default.

diffstat:

2 files changed, 2 insertions(+), 2 deletions(-)
doc/example-config/conf.d/ssl.conf |    2 +-
src/login-common/login-settings.c  |    2 +-

diffs (21 lines):

diff -r 9a71228ea41c -r c80eb856a742 doc/example-config/conf.d/ssl.conf
--- a/doc/example-config/conf.d/ssl.conf	Tue Oct 20 18:11:00 2009 -0400
+++ b/doc/example-config/conf.d/ssl.conf	Tue Oct 20 19:20:42 2009 -0400
@@ -38,4 +38,4 @@ ssl_key = </etc/ssl/private/dovecot.pem
 #ssl_parameters_regenerate = 168
 
 # SSL ciphers to use
-#ssl_cipher_list = ALL:!LOW:!SSLv2
+#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
diff -r 9a71228ea41c -r c80eb856a742 src/login-common/login-settings.c
--- a/src/login-common/login-settings.c	Tue Oct 20 18:11:00 2009 -0400
+++ b/src/login-common/login-settings.c	Tue Oct 20 19:20:42 2009 -0400
@@ -55,7 +55,7 @@ static struct login_settings login_defau
 	MEMBER(ssl_key) "",
 	MEMBER(ssl_key_password) "",
 	MEMBER(ssl_parameters_file) "ssl-parameters.dat",
-	MEMBER(ssl_cipher_list) "ALL:!LOW:!SSLv2",
+	MEMBER(ssl_cipher_list) "ALL:!LOW:!SSLv2:!EXP:!aNULL",
 	MEMBER(ssl_cert_username_field) "commonName",
 	MEMBER(ssl_verify_client_cert) FALSE,
 	MEMBER(ssl_require_client_cert) FALSE,