Dovecot: drops SSLv2 and SSLv3 via ssl_protocols

author Silvio Rhatto <rhatto@riseup.net>

Fri, 19 Aug 2016 18:33:51 +0000 (15:33 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Fri, 19 Aug 2016 18:33:51 +0000 (15:33 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Fri, 19 Aug 2016 18:33:51 +0000 (15:33 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Fri, 19 Aug 2016 18:33:51 +0000 (15:33 -0300)
diff --git a/templates/dovecot/dovecot.conf.wheezy.erb b/templates/dovecot/dovecot.conf.wheezy.erb

index cf2d720b66c869fb62fa062bcefe2f009132a037..0d18b859d0eb50737f1c2b66aba65a1a528d124b 100644 (file)
--- a/templates/dovecot/dovecot.conf.wheezy.erb
+++ b/templates/dovecot/dovecot.conf.wheezy.erb
@@ -40,7 +40,10 @@ ssl_key = </etc/ssl/private/cert.pem
  
  # SSL ciphers to use
  # See http://www.virtualmin.com/node/25057
+#     https://zmap.io/sslv3/servers.html
+#     https://security.stackexchange.com/questions/71872/disable-sslv3-in-dovecot-tls-handshaking-failed-no-shared-cipher
  ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:SSLv3
+ssl_protocols = !SSlv2 !SSLv3
  
  userdb {
    args = uid=5000 gid=5000 home=/var/mail/virtual/%u allow_all_users=yes
author	Silvio Rhatto <rhatto@riseup.net>
	Fri, 19 Aug 2016 18:33:51 +0000 (15:33 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Fri, 19 Aug 2016 18:33:51 +0000 (15:33 -0300)