Timo Sirainen
2006-Aug-11 01:53 UTC
[Dovecot] Suggestion for dovecot default SSL configuration...
On Mon, 2006-07-24 at 13:48 -0700, Douglas Moore wrote:> First off, thanks for the effort on this software, it's a world > better than the uw-imap that I used to have to deal with... > > This isn't a bug report per se, but rather a response to something > that came up during some recent security scans. Given that SSLv2 > has it's share of issues, I'd like to suggest that you remove it from > the default ciphers supplied with the source distribution. A > simple :!SSLv2 added to the default cipher list would aid in the > overall security of the package.I'm not an expert in SSL, so I'd rather be sure that it's actually more helpful than harmful. Does something still use SSLv2? If I do the change, I guess the only thing it does is to break those clients that still try to use it? Is its security already bad enough that it's just better to break them? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 191 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20060811/fd1b9b3f/attachment.bin>
Possibly Parallel Threads
- Restricting SSL/TLS protocol versions on Dovecot 2.2.22
- dovecot on wheezy, best ssl configuration ?
- Apache + SSL: default configuration rated "C" by Qualys Labs
- Apache + SSL: default configuration rated "C" by Qualys Labs
- Restricting SSL/TLS protocol versions on Dovecot 2.2.22