Bernardo Reino said on Sun, 19 Nov 2023 09:04:15 +0100 (CET) >On Sun, 19 Nov 2023, Steve Litt wrote: > >> Michael Orlitzky said on Sat, 18 Nov 2023 17:31:49 -0500 >> >>> On Sat, 2023-11-18 at 16:54 -0500, Steve Litt wrote: >>>> >>>> I forgot to say: I'm using Dovecot 2.3.21 on an up to date 64 bit >>>> x86_64 Void Linux computer using runit for its init system. I >>>> populate Dovecot's Maildir via fetchmail and procmail. >>>> >>> >>> You probably don't have to do anything. SSLv2 and SSLv3 have been >>> disabled by default in OpenSSL for a while, and my dovecot default >>> is, >>> >>> # doveconf -d | grep ssl_min_protocol >>> ssl_min_protocol = TLSv1.2 >> >> Nice! I'll make that change tomorrow. Thanks! > >Note that the above is actually the *default*, at least in the debian >12 (bookworm) version, so you should not have do anything. > >(and generally it is not recommended to deviate from defaults unless >you really know what you're doing, otherwise you may end up actually >worsening the security wrt the defaults). > >Good luck.
Thanks Bernardo, doveconf -d shows that I have no such config key as ssl_protocols, my ssl_min_protocol is TLSv1.2, and the default ssl_cipher_list is the following huge string: ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH Is the preceding the safest and most bug free, or should I modify it in dovecot.conf? Thanks, SteveT Steve Litt Autumn 2023 featured book: Rapid Learning for the 21st Century http://www.troubleshooters.com/rl21 _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
