Hi Reindl Harald

Thank you for your reply. I got it.
I changed my /usr/local/etc/dovecot/local.conf as below.

ssl = yes
ssl_cert = </usr/local/etc/dovecot/server.pem
ssl_key = </usr/local/etc/dovecot/server.key
ssl_ca = </usr/local/etc/dovecot/ca.pem
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!RC4

It works fine.

Thank you again

Yoshi

2015-01-06 5:59 GMT+09:00 Reindl Harald <[email protected]>:
>
> On 05.01.2015 at 21:53, Yoshito Takeuchi wrote:
>>
>> I used
>>
>> FreeBSD 10.1
>> Dovecot 2.2.15
>>
>> I want pop3s, so I made
>>
>> /usr/local/etc/dovecot/local.conf
>>
>> ssl = yes
>> ssl_cert = </usr/local/etc/dovecot/server.pem
>> ssl_key = </usr/local/etc/dovecot/server.key
>> ssl_ca = </usr/local/etc/dovecot/ca.pem
>> ssl_protocols = !SSLv2 !SSLv3
>> ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLV3:!EXP:!aNULL:!RC4
>>
>> It works fine.
>> But, change
>>
>> ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!RC4
>>
>> ( SSLV3 -> SSLv3 )
>>
>> I had trouble
>>
>> /var/log/maillog
>>
>> Jan 6 05:41:53 example dovecot: pop3-login: Disconnected (no auth
>> attempts in 0
>> secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS
>> handshaking, session=<5e9
>> zuO0LVwB+PO8D>
>>
>> Is this a bug? Or did I miss a setting?
>
>
> !SSLV3 was wrong and not recognized
> !SSLv3 is recognized but bullshit since you want to disable SSLv3 but not
> all ciphers which are still valid for newer TLS versions
>
> you do that already correctly with "ssl_protocols"
>
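
Added example, not part of the original thread: a Python check that expands the three `ssl_cipher_list` strings quoted above through the local OpenSSL library, showing that the misspelled `!SSLV3` token changes nothing while `!SSLv3` removes cipher suites rather than a protocol version. The helper names (`expand`, `dropped`, `summary`) are made up for this sketch, and which suites are removed depends on the OpenSSL build Python is linked against.

```python
import ssl

# ssl_cipher_list values quoted in the thread.
MISSPELLED = "ALL:!LOW:!SSLv2:!SSLV3:!EXP:!aNULL:!RC4"  # first config, worked
WITH_SSLV3 = "ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!RC4"  # broke TLS handshakes
FINAL = "ALL:!LOW:!SSLv2:!EXP:!aNULL:!RC4"              # final local.conf


def expand(cipher_string):
    """Map each cipher suite OpenSSL selects for the string to its protocol tag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing is left
    return {c["name"]: c["protocol"] for c in ctx.get_ciphers()}


def dropped(before, after):
    """Cipher suites selected by `before` but not by `after`, with their tags."""
    kept = expand(after)
    return {n: p for n, p in expand(before).items() if n not in kept}


def summary():
    """Compare the three strings from the thread on this OpenSSL build."""
    return {
        # Unknown tokens are skipped silently, so !SSLV3 filters nothing.
        "misspelled_is_noop": expand(MISSPELLED) == expand(FINAL),
        # The correctly spelled token strips suites tagged as SSLv3-era.
        "dropped_by_sslv3_token": dropped(FINAL, WITH_SSLV3),
        "added_by_sslv3_token": dropped(WITH_SSLV3, FINAL),
    }


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    s = summary()
    print("!SSLV3 ignored:", s["misspelled_is_noop"])
    for name, proto in sorted(s["dropped_by_sslv3_token"].items()):
        print(f"removed by !SSLv3: {name:32} {proto}")
```

Run it on the mail server host to see which suites a client would lose with `!SSLv3` in the cipher list.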
