On 26/02/2011 14:36, Thijs Kinkhorst wrote:
> On Thursday 18 November 2010 21:02:11 Timo Sirainen wrote:
>> v2.0 uses by default:
>>
>> ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
>
> Yes, this looks good, so the bug can be closed when 2.0 is uploaded. Will
> that
> happen sometime soon?
>
>
On Thursday 18 November 2010 21:02:11 Timo Sirainen wrote:
> v2.0 uses by default:
>
> ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
Yes, this looks good, so the bug can be closed when 2.0 is uploaded. Will that
happen sometime soon?
Thijs
signature.asc
Description: This is a digitally signe
On Thu, 2010-11-18 at 20:41 +0100, Thijs Kinkhorst wrote:
> After installing dovecot it comes with insecure SSL ciphers enabled by
> Luckily I saw that SSLv2 is now default disabled, but even with SSLv3
> and TLSv1 dovecot enables 40 bit ciphers:
>
> EXP-EDH-RSA-DES-CBC-SHA 40 bits
> EXP-RC4-MD5
Package: dovecot
Version: 1:1.2.15-3
Severity: important
Tags: security
Hi,
After installing dovecot it comes with insecure SSL ciphers enabled by
Luckily I saw that SSLv2 is now default disabled, but even with SSLv3
and TLSv1 dovecot enables 40 bit ciphers:
EXP-EDH-RSA-DES-CBC-SHA 40 bits
EXP-R
4 matches
Mail list logo
