[Dovecot] How to disable SSL and TLSv1.1?

Reindl Harald h.reindl at thelounge.net
Tue Sep 10 02:09:20 EEST 2013

Am 09.09.2013 22:56, schrieb Darren Pilgrim:
> I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0.  Clients will opportunistically use
> TLS 1.1 and 1.2, but now I want require they do so.  Is it enough to set
> ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5
> or are there additional settings I need to specify?

and what clients do you imagine to connect?

on most widely used distributions you even have no openssl
version supporting TLS 1.2 and so you lock them all out

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130910/f99306f7/attachment.bin>

More information about the dovecot mailing list