Thanks! You have the more correct fix:
From: https://www.openssl.org/docs/man1.1.0/man3/TLSv1_client_method.html
"TLS_method(), TLS_server_method(), TLS_client_method()
These are the general-purpose version-flexible SSL/TLS methods. The
actual protocol version used will be negotiated to the hi
Thanks for reporting back. For whatever its worth, the equivalent fix on 2.5+
uses "TLS_client_method()", not "TLSv1_2_client_method()". I'm not sure what
difference it makes, but maybe it requires a newer OpenSSL than you have?
Here's the commit to master, fyi:
https://github.com/cyrusimap/cyr
Turns out imclient (at least in the latest RHEL7 pkg) is hardcoded to
use TLSv1. Since we're building binary RPMs from Source RPMs anyway we
modified imclient.c, rebuilt the RPMs, reinstalled the cyrus-imapd-utils
package: Here's the patch we used:
--
Hi All,
We're hoping to find some help on the list...
We are running Cyrus-IMAP on RHEL7, using an RPM pkg
(CYRUS-IMAPD-2.4.17-13.EL7) built from the Red Hat SRC RPM. We also
have SASL, Utils, devel etc pkgs all from RH.
Now we're looking to finally move Cyrus completely off insecure TLS
ver
