[PATCH] Add support for lower TLS version than default

Timo Sirainen tss at iki.fi
Sun Aug 27 09:32:06 EEST 2017


On 26 Aug 2017, at 19.47, Sebastian Andrzej Siewior <sebastian at breakpoint.cc> wrote:
> 
> The openssl library in Debian unstable (targeting Buster) supports
> TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0.
> If the admin decides to also support TLS1.[01] users he can then enable
> the lower protocol version in case the users can't update their system.
..
> 	DEF(SET_STR, ssl_protocols),
> 	DEF(SET_STR, ssl_cert_username_field),
> 	DEF(SET_STR, ssl_crypto_device),
> +	DEF(SET_STR, ssl_lowest_version),

Does it really require a new setting? Couldn't it use the existing ssl_protocols setting?



More information about the dovecot mailing list