On Thu, 2010-11-18 at 20:41 +0100, Thijs Kinkhorst wrote:
> After installing dovecot it comes with insecure SSL ciphers enabled by
> Luckily I saw that SSLv2 is now default disabled, but even with SSLv3
> and TLSv1 dovecot enables 40 bit ciphers:
>
> EXP-EDH-RSA-DES-CBC-SHA 40 bits
> EXP-RC4-MD5 40 bits
> EXP-DES-CBC-SHA 40 bits
> EXP-RC2-CBC-MD5 40 bits

I think those are disabled by !EXP?

> ssl_cipher_list = HIGH:MEDIUM:!ADH:+TLSv1:!SSLv2:+SSLv3

v2.0 uses by default:

ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

This makes it pass PCI Scanning.
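
One way to check what an ssl_cipher_list value actually expands to on a given host, as an added example that is not part of the original message or of dovecot. The function names and the 128-bit default threshold are assumptions made for this example; the two cipher strings are the ones quoted in the thread.

```python
import ssl

# Cipher strings quoted in the thread above.
OLD_LIST = "HIGH:MEDIUM:!ADH:+TLSv1:!SSLv2:+SSLv3"
V2_DEFAULT = "ALL:!LOW:!SSLv2:!EXP:!aNULL"

MIN_BITS = 128  # assumption: audit threshold chosen for this example


def expand(cipher_list):
    """Return the cipher suites the local OpenSSL enables for cipher_list.

    The result depends on the OpenSSL build Python is linked against.
    Current OpenSSL builds no longer include export suites, so the
    EXP-* names from the report can only appear on old libraries.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_list)
    except ssl.SSLError:
        return []  # no suite in the local build matched the string
    return ctx.get_ciphers()


def weak_ciphers(cipher_list, min_bits=MIN_BITS):
    """List (name, protocol, bits) for export-grade or short-key suites."""
    weak = []
    for c in expand(cipher_list):
        if c["name"].startswith("EXP") or c["strength_bits"] < min_bits:
            weak.append((c["name"], c["protocol"], c["strength_bits"]))
    return weak


if __name__ == "__main__":
    for label, spec in (("old", OLD_LIST), ("v2.0 default", V2_DEFAULT)):
        flagged = weak_ciphers(spec)
        print(f"{label}: {len(expand(spec))} suites, {len(flagged)} flagged")
        for name, proto, bits in flagged:
            print(f"  {name} ({proto}, {bits} bits)")
```

Run it with the same OpenSSL the mail server uses; a different library version can expand the same string to a different set.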