On Oct/17/14 2:10, Sam Varshavchik wrote:
> Oliver Mihatsch writes:
>
>> Behaviour when using the following variable (added !, added TLSv1_1):
>> TLS_CIPHER_LIST="!SSLv3:TLSv1:TLSv1_1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
>>
>> SSLv3 working, TLS 1.0 working, TLS 1.1 working, TLS 1.2 working (no 
>> changes to before)
>>
>> So results were not really what I was expecting. SSLv3 and TLS1/1.1 
>> are somehow just an alias for each other.
>
> This weirdness is entirely OpenSSL's doing. This setting is passed 
> directly to OpenSSL, with no further interpretation.
>
> Someone else already dug up the code change necessary to disable 
> SSLv3. It appears that a small code change is required.
>
There was a patch released for OpenSSL recently which included 
TLS_FALLBACK_SCSV support. Isn't upgrading enough in this case? Or is 
there still a need to reconfigure imapd?

Thanks.

_______________________________________________
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
