ssl_min_protocol = TLSv1.3 does not work
Aki Tuomi
aki.tuomi at open-xchange.com
Wed Nov 27 09:13:39 EET 2019
On 26.11.2019 19.34, Laurens Post via dovecot wrote:
> Hi all,
>
> I'm trying to set up my server with support for TLS 1.3 only, but that
> does not seem to be supported.
> First off, TLS 1.3 itself does work fine, so it's not the config or
> ssl library, and 1.3-only works fine with Postfix. The problem is only
> in disabling TLS 1.2 for Dovecot.
> On connection, I'm getting an error that 1.3 is an "Unknown
> ssl_min_protocol setting".
> Reading the source code, it seems that
> `openssl_min_protocol_to_options` in
> `src/lib-ssl-iostream/iostream-openssl-common.c` is simply missing an
> entry like
>
> { SSL_TXT_TLSV1_3, TLS1_3_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
> SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 }
>
> Is this a bug, something intentional, or has it simply not been added
> yet because nobody has been crazy enough to ask for it?
>
> Kind regards,
>
> Laurens
Hi!
Just haven't gotten round to implementing this yet. Will get there.
Aki
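
An added example, not part of the thread and not Dovecot's code: the mapping discussed above, with the disable mask derived from protocol order so that a new version such as TLSv1.3 needs only one table row. The function name, table and `NO_*` bit values are hypothetical stand-ins so the block compiles without OpenSSL.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins (assumption): real code takes SSL_OP_NO_* and the
 * *_VERSION constants from <openssl/ssl.h>. */
#define NO_SSLv3   0x02000000UL
#define NO_TLSv1   0x04000000UL
#define NO_TLSv1_2 0x08000000UL
#define NO_TLSv1_1 0x10000000UL

struct proto { const char *name; int version; unsigned long no_flag; };

/* Ordered oldest to newest; version is the TLS wire version. */
static const struct proto protos[] = {
    { "SSLv3",   0x0300, NO_SSLv3   },
    { "TLSv1",   0x0301, NO_TLSv1   },
    { "TLSv1.1", 0x0302, NO_TLSv1_1 },
    { "TLSv1.2", 0x0303, NO_TLSv1_2 },
    { "TLSv1.3", 0x0304, 0          }, /* newest row: its own flag is never needed */
};

/* Resolve an ssl_min_protocol value. On success returns 0 and stores the
 * minimum version plus the OR of the disable flags of every older protocol.
 * Returns -1 for a name with no row ("Unknown ssl_min_protocol setting"). */
int min_protocol_lookup(const char *name, int *version_r, unsigned long *opts_r)
{
    unsigned long mask = 0;

    for (size_t i = 0; i < sizeof(protos) / sizeof(protos[0]); i++) {
        if (strcmp(protos[i].name, name) == 0) {
            *version_r = protos[i].version;
            *opts_r = mask;
            return 0;
        }
        mask |= protos[i].no_flag; /* everything before the match is disabled */
    }
    return -1;
}

int main(void)
{
    int version;
    unsigned long opts;

    if (min_protocol_lookup("TLSv1.3", &version, &opts) == 0)
        printf("min version 0x%04x, disable mask 0x%08lx\n", version, opts);
    return 0;
}
```

With OpenSSL 1.1.0 or later, the resolved version is what `SSL_CTX_set_min_proto_version()` takes; the mask is only needed for older library versions.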