[rhelv6-list] SSLv3 and dovecot
Orion Poplawski
orion at cora.nwra.com
Tue Oct 21 15:02:20 UTC 2014
On 10/21/2014 08:37 AM, Leon Fauster wrote:
> Am 21.10.2014 um 15:53 schrieb Cale Fairchild <cfairchild at brocku.ca>:
>> From what I have read, the version of dovecot distributed in RedHat 6 does not allow SSLv3 to be disabled through the configuration file but rather must be patched in the source. Has anyone heard anything about a release with that patch applied?
>>
>> I am afraid with an educational site license I can not submit tickets, just Bugzilla reports which I do not believe will allow me to inquire the time frame of a fix. So I was hoping someone on this list with a support contract may have already inquired.
>
>
>
> I do not run dovecot but have you tried to disable SSLv3 via "ssl_cipher_list"
> parameter? A valid argument could be 'ALL:!SSLv2:!SSLv3' ...
>
There may be a way, but that doesn't work. Issue is with the protocol, not
ciphers.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
More information about the rhelv6-list
mailing list