dovecot on wheezy, best ssl configuration ?
Robert Schetterer
rs at sys4.de
Fri Jan 9 23:15:23 UTC 2015
On 09.01.2015 at 22:30, ml at ruggedinbox.com wrote:
> On 2015-01-09 08:34, Charles Marcus wrote:
>> On 1/9/2015 3:06 AM, Philipp Resch <philipp at devh.de> wrote:
>>> It seems as if claws mail is preferring SSLv3
>>
>> And since dovecot is really not affected by the poodle vulnerability, if
>> you can't upgrade (I believe 2.2 is in the backports repo?), probably
>> easiest to just reenable SSLv3...
>
>
> Hi thanks Charles and thanks to all for your help.
> We decided to reenable SSLv3.
> We'll upgrade Dovecot when Debian will officially dist upgrade to
> version 8 :)
update
https://bugzilla.redhat.com/show_bug.cgi?id=1153970
http://git.claws-mail.org/?p=claws.git;a=commit;h=c6dc3e229f361f11ab4920d84bb11b5821bc4e86
http://git.claws-mail.org/?p=claws.git;a=patch;h=c6dc3e229f361f11ab4920d84bb11b5821bc4e86
From c6dc3e229f361f11ab4920d84bb11b5821bc4e86 Mon Sep 17 00:00:00 2001
From: Colin Leroy <colin at colino.net>
Date: Thu, 16 Oct 2014 14:35:46 +0200
Subject: [PATCH] Disable SSL3.0 entirely as a Poodle fix.
---
src/common/ssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/common/ssl.c b/src/common/ssl.c
index f612299..569c808 100644
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -323,7 +323,7 @@ gboolean ssl_init_socket(SockInfo *sockinfo)
sockinfo->gnutls_priority, r);
}
else {
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL);
}
gnutls_record_disable_padding(session);
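Review bot: Only the default string in the else branch gains `-VERS-SSL3.0`; the branch above it, which applies `sockinfo->gnutls_priority`, is untouched, so a user-configured priority string that still permits SSL 3.0 is not covered by a change whose subject says "entirely". Consider appending `:-VERS-SSL3.0` on that path as well, or documenting that a custom priority overrides the fix. The return value of the `gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL)` call is also ignored, whereas the context line `sockinfo->gnutls_priority, r);` suggests the custom path reports a result `r`; checking it here too would keep a rejected priority string from passing silently.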
--
1.7.10.4
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein