Everyone,

I am having an issue with getting anonymous ssl ciphers disabled in dovecot. I have googled like crazy to find the solution with no help.

Here is my doveconf -n:

# 1.2.5: /etc/dovecot.conf
# OS: Linux 2.6.18-92.el5 x86_64 CentOS release 5.2 (Final) nfs
log_path: /var/log/dovecot
ssl_cert_file: /etc/ssl/islandemail.com.wild.cert
ssl_key_file: /etc/ssl/islandemail.com.wild.key
ssl_cipher_list: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_greeting: Island Email - Ready.
login_process_per_connection: no
login_process_size: 512
login_processes_count: 100
login_max_processes_count: 500
login_max_connections: 1000
max_mail_processes: 5000
mail_max_userip_connections: 2000
verbose_proctitle: yes
first_valid_uid: 5000
first_valid_gid: 5000
mail_debug: yes
mmap_disable: yes
mail_nfs_storage: yes
mail_nfs_index: yes
mbox_read_locks: dotlock
mbox_write_locks: dotlock
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_process_size: 512
mail_plugins(default): mail_log
mail_plugins(imap): mail_log
mail_plugins(pop3):
mail_plugin_dir(default): /usr/lib64/dovecot/imap
mail_plugin_dir(imap): /usr/lib64/dovecot/imap
mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
pop3_save_uidl(default): no
pop3_save_uidl(imap): no
pop3_save_uidl(pop3): yes
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %v.%u
lda:
  postmaster_address: xxxx at xxxxx.xxxx
  mail_plugins: sieve
  log_path: /var/log/dovecot-deliver.log
  info_log_path: /var/log/dovecot-deliver.log
  auth_socket_path: /var/run/dovecot/auth-master
auth default:
  mechanisms: plain login digest-md5 cram-md5
  failure_delay: 1
  verbose: yes
  debug: yes
  debug_passwords: yes
  worker_max_count: 100
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: mailowner
      group: mailowner
plugin:
  mail_log_events: delete undelete expunge copy mailbox_delete mailbox_rename

Thanks in advance.

Jeff N.

On Mon, 2009-11-23 at 12:22 -0800, Jeffrey Nikoletich wrote:
> I am having an issue with getting anonymous ssl ciphers disabled in dovecot. I have googled like crazy to find the solution with no help...
> ssl_cipher_list: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3

Dovecot v2.0's default is:

ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

The important part for disabling anonymous ciphers is the !aNULL.
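
The check discussed in this thread, as an added example that is not part of either message or of Dovecot itself: a small audit that reads the ssl_cipher_list setting from doveconf -n output (the 1.2 "key: value" form or the 2.0 "key = value" form) and reports whether anonymous suites are permanently excluded. The function names and status labels are hypothetical, and the sample inputs are constructed from the two settings quoted above.

```python
import re

# Constructed sample inputs: the poster's setting in Dovecot 1.2 "key: value"
# form, and the v2.0 default quoted in the reply in "key = value" form.
POSTED_1_2 = """\
# 1.2.5: /etc/dovecot.conf
log_path: /var/log/dovecot
ssl_cipher_list: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
login_dir: /var/run/dovecot/login
"""
DEFAULT_2_0 = "ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL\n"

SETTING = re.compile(r"^\s*ssl_cipher_list\s*[:=]\s*(\S.*?)\s*$")


def cipher_list(doveconf_text):
    """Return the last ssl_cipher_list value in doveconf -n output, or None."""
    value = None
    for line in doveconf_text.splitlines():
        m = SETTING.match(line)
        if m:
            value = m.group(1)
    return value


def anon_cipher_status(doveconf_text):
    """Classify how the configured cipher string treats aNULL suites.
    'excluded'     - '!aNULL' present: permanently deleted, cannot be re-added
    'soft-removed' - only '-aNULL': a later item in the string can re-add them
    'not-excluded' - no aNULL removal; selectors such as HIGH or ALL may include them
    'unset'        - no ssl_cipher_list line: the version's built-in default applies
    """
    value = cipher_list(doveconf_text)
    if value is None:
        return "unset"
    # OpenSSL separates cipher-string items with colons, commas or spaces.
    items = [i for i in re.split(r"[:, ]+", value) if i]
    if "!aNULL" in items:
        return "excluded"
    if "-aNULL" in items:
        return "soft-removed"
    return "not-excluded"


if __name__ == "__main__":
    for name, text in (("posted 1.2.5", POSTED_1_2), ("v2.0 default", DEFAULT_2_0)):
        print(f"{name}: {cipher_list(text)} -> {anon_cipher_status(text)}")
```

This is a check of the configuration text only; what a given cipher string actually expands to depends on the OpenSSL build the server is linked against.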