dovecot on wheezy, best ssl configuration ?

Robert Schetterer rs at sys4.de
Fri Jan 9 23:15:23 UTC 2015


On 09.01.2015 at 22:30, ml at ruggedinbox.com wrote:
> On 2015-01-09 08:34, Charles Marcus wrote:
>> On 1/9/2015 3:06 AM, Philipp Resch <philipp at devh.de> wrote:
>>> It seems as if claws mail is preferring SSLv3
>>
>> And since dovecot is really not affected by the poodle vulnerability, if
>> you can't upgrade (I believe 2.2 is in the backports repo?), probably
>> easiest to just reenable SSLv3...
> 
> 
> Hi thanks Charles and thanks to all for your help.
> We decided to reenable SSLv3.
> We'll upgrade Dovecot when Debian will officially dist upgrade to
> version 8 :)

update

https://bugzilla.redhat.com/show_bug.cgi?id=1153970

http://git.claws-mail.org/?p=claws.git;a=commit;h=c6dc3e229f361f11ab4920d84bb11b5821bc4e86

http://git.claws-mail.org/?p=claws.git;a=patch;h=c6dc3e229f361f11ab4920d84bb11b5821bc4e86

From c6dc3e229f361f11ab4920d84bb11b5821bc4e86 Mon Sep 17 00:00:00 2001
From: Colin Leroy <colin at colino.net>
Date: Thu, 16 Oct 2014 14:35:46 +0200
Subject: [PATCH] Disable SSL3.0 entirely as a Poodle fix.


---
 src/common/ssl.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/ssl.c b/src/common/ssl.c
index f612299..569c808 100644
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -323,7 +323,7 @@ gboolean ssl_init_socket(SockInfo *sockinfo)
 			    sockinfo->gnutls_priority, r);
 	}
 	else {
-		gnutls_priority_set_direct(session, "NORMAL", NULL);
+		gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL);
 	}
 	gnutls_record_disable_padding(session);
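
Review bot: The SSL 3.0 exclusion lands only in the else branch, so a session that takes the preceding branch and uses the string in sockinfo->gnutls_priority still gets whatever protocol versions that string allows, SSL 3.0 included. Consider appending ":-VERS-SSL3.0" on that path as well, or stating in the commit message that a configured priority string overrides this fix. The return value of gnutls_priority_set_direct() is also discarded in the else branch, while the branch above appears to report r; checking it here would surface a priority string that GnuTLS rejects instead of silently continuing. The commit message has no body, and a line saying that only the default "NORMAL" path is changed would make the scope of the fix clear.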

-- 
1.7.10.4


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

