[Dovecot] disabling SSLv2 in dovecot 1.2.17
Mark Alan
varia at e-healthexpert.org
Fri Mar 9 11:35:17 EET 2012
On Thu, 08 Mar 2012 19:04:47 +0000, Steve Platt
<steve.platt at mrc-bsu.cam.ac.uk> wrote:
> I've set up a list of ciphers that excludes SSLv2 ciphers (and other
> weak ones) in the hope of preventing SSLv2 connections:
>
> ssl_cipher_list = TLSv1+HIGH : !SSLv2 :
> RC4+MEDIUM : !aNULL : !eNULL : !3DES : @STRENGTH
>
> I tried making the same change to dovecot1's src tree on our test
> system and it seems to have the desired effect;
No need to change sources.
Try this and see if it serves your purpose:
ssl = required
ssl_cipher_list = HIGH:!SSLv2:!aNULL:!MD5!DES:!3DES
M.
More information about the dovecot
mailing list