Restricting SSL/TLS protocol versions on Dovecot 2.2.22

Alexander Dalloz ad+lists at uni-x.org
Mon Jul 30 01:02:46 EEST 2018


On 29.07.2018 at 21:02, J Doe wrote:
> Hello,
> 
> I have a question regarding SSL/TLS settings for Dovecot version 2.2.22.
> 
> In 10-ssl.conf there are two parameters:
> 
>      ssl_protocols
>      ssl_cipher_list
> 
> ssl_protocols is commented with “SSL protocol to use” and ssl_cipher_list is commented with “SSL ciphers to use”.
> 
> If I want to disable SSLv3, for example, do I need to use both parameters or will disabling SSLv3 ciphers in
> ssl_cipher_list do the same thing?
> 
> So is:
> 
>      ssl_cipher_list = !SSLv3
> 
> …equivalent to:
> 
>      ssl_protocols = !SSLv3
>      ssl_cipher_list = !SSLv3


No. SSLv3 is not a cipher but a protocol.

"ssl_protocols = !SSLv2 !SSLv3" is what you want to specify.

For the ciphers you could define with ssl_cipher_list, see "openssl ciphers -v".

> Thanks,
> 
> - J

Alexander
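
Added example, not part of the original message and not Dovecot code: a small Python check that reads a Dovecot config fragment, reports whether SSLv2/SSLv3 are excluded by ssl_protocols, and flags protocol names placed in ssl_cipher_list, the mix-up discussed above. The list of protocol names and the include/exclude model are assumptions, and the two sample configs are constructed.

```python
import re

# Protocol names assumed valid for ssl_protocols on Dovecot 2.2.x.
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
LEGACY = {"SSLv2", "SSLv3"}

def read_settings(conf_text):
    """Collect simple 'name = value' lines, dropping '#' comments."""
    settings = {}
    for line in conf_text.splitlines():
        m = re.match(r"^(\w+)\s*=\s*(.*)$", line.split("#", 1)[0].strip())
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def enabled_protocols(value):
    """'!X' excludes X; any plain name makes the list an allow-list
    (assumed model of how the setting is interpreted)."""
    include, exclude = set(), set()
    for tok in value.split():
        name = tok.lstrip("!")
        if name not in KNOWN:
            raise ValueError("unknown protocol name: " + tok)
        (exclude if tok.startswith("!") else include).add(name)
    base = include or set(KNOWN)
    return [p for p in KNOWN if p in base and p not in exclude]

def audit(conf_text):
    """Return findings for ssl_protocols and ssl_cipher_list."""
    s, findings = read_settings(conf_text), []
    if "ssl_protocols" not in s:
        findings.append("ssl_protocols not set: protocol versions are left at the default")
    else:
        for p in enabled_protocols(s["ssl_protocols"]):
            if p in LEGACY:
                findings.append(p + " still enabled by ssl_protocols")
    for tok in re.split(r"[:,\s]+", s.get("ssl_cipher_list", "")):
        if tok.lstrip("!+-") in KNOWN:
            findings.append("ssl_cipher_list token " + tok + " filters cipher suites, not protocol versions")
    return findings

# Constructed samples: the asker's first variant and the setting from the reply.
ASKED = "ssl_cipher_list = !SSLv3\n"
REPLY = "#ssl_protocols = !SSLv2\nssl_protocols = !SSLv2 !SSLv3\n"

if __name__ == "__main__":
    for label, text in (("asked", ASKED), ("reply", REPLY)):
        print(label, audit(text))
```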




