[PATCH] Add support for lower TLS version than default
Aki Tuomi
aki.tuomi at dovecot.fi
Sun Aug 27 11:12:28 EEST 2017
On 2017-08-27 09:32, Timo Sirainen wrote:
> On 26 Aug 2017, at 19.47, Sebastian Andrzej Siewior <sebastian at breakpoint.cc> wrote:
>> The openssl library in Debian unstable (targeting Buster) supports
>> TLS1.2 by default. The library itself also supports TLS1.1 and TLS1.0.
>> If the admin decides to also support TLS1.[01] users he can then enable
>> the lower protocol version in case the users can't update their system.
> ..
>> DEF(SET_STR, ssl_protocols),
>> DEF(SET_STR, ssl_cert_username_field),
>> DEF(SET_STR, ssl_crypto_device),
>> + DEF(SET_STR, ssl_lowest_version),
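Review bot: the added DEF(SET_STR, ssl_lowest_version) line puts a second protocol knob in the same table as ssl_protocols, three lines above it, so the two settings can contradict each other and the quoted lines do not say which one wins. As a free-form SET_STR it also needs its accepted values documented and validated, with an unknown value rejected at configuration time rather than ignored. Either derive the minimum from ssl_protocols or state the precedence between the two settings explicitly.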
> Does it really require a new setting? Couldn't it use the existing ssl_protocols setting?
I think we should set the min protocol version from ssl_protocols, by
looking at the lowest SSL protocol field there.
Aki
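
The suggestion above, sketched as an added example (not code from this thread or from Dovecot): derive the lowest enabled protocol from an ssl_protocols string and flag when a minimum version alone would not describe the enabled set. The token names and the "!" negation syntax are assumptions based on Dovecot 2.2's setting; the function names are hypothetical.

```c
#include <string.h>

/* Token names assumed from Dovecot 2.2's ssl_protocols setting, lowest first.
   Matching here is case-sensitive to keep the example short. */
static const char *const proto_names[] = {
	"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"
};
enum { PROTO_COUNT = 5, PROTO_ALL = (1 << PROTO_COUNT) - 1 };

/* Bitmask of enabled protocols (bit i = proto_names[i]); -1 on unknown token. */
int enabled_protocols(const char *setting)
{
	int include = 0, exclude = 0, i;

	for (const char *p = setting + strspn(setting, " "); *p != '\0'; ) {
		size_t len = strcspn(p, " "), neg = (*p == '!');
		for (i = 0; i < PROTO_COUNT; i++)
			if (strlen(proto_names[i]) == len - neg &&
			    strncmp(p + neg, proto_names[i], len - neg) == 0)
				break;
		if (i == PROTO_COUNT)
			return -1;	/* reject typos rather than guess */
		if (neg)
			exclude |= 1 << i;
		else
			include |= 1 << i;
		p += len + strspn(p + len, " ");
	}
	if (include != 0)	/* an allow-list disables everything not named */
		exclude |= PROTO_ALL & ~include;
	return PROTO_ALL & ~exclude;
}

/* Index into proto_names of the lowest enabled protocol; -1 if none/invalid. */
int lowest_protocol(const char *setting)
{
	int mask = enabled_protocols(setting);
	for (int i = 0; mask > 0 && i < PROTO_COUNT; i++)
		if (mask & (1 << i))
			return i;
	return -1;
}

/* 1 when "lowest and everything above it" is exactly the enabled set. */
int min_is_exact(const char *setting)
{
	int low = lowest_protocol(setting);
	return low >= 0 &&
		enabled_protocols(setting) == (PROTO_ALL & ~((1 << low) - 1));
}
```

A value such as "TLSv1 TLSv1.2" yields TLSv1 as the lowest version but min_is_exact() returns 0, so the skipped TLSv1.1 would still have to be disabled separately.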