Disabling SSLv3 protocol
Jelmer Vernooij
jelmer at debian.org
Sun Nov 9 16:22:36 UTC 2014
On Tue, Oct 14, 2014 at 12:25:32PM -0700, Timo Sirainen wrote:
> Since people are now talking about the SSLv3 security hole and how to disable it, here's a thread where you can talk about that. In Dovecot v2.1+ you can disable SSLv3 by setting:
>
> ssl_protocols = !SSLv2 !SSLv3
>
> In older versions you'd have to patch the source code. Attached a patch against v2.0.
Do you have any plans to make this (SSLv3 disabled) the new default for
ssl_protocols? I'm considering doing this in the Debian package.
Cheers,
Jelmer
More information about the dovecot
mailing list