On 09-03-16 13:14, djk wrote:
> On 09/03/16 10:44, Florent B wrote:
>> Hi,
>>
>> I don't see any SSL configuration option in Dovecot to disable
>> "Client-initiated secure renegotiation".
>>
>> It is advised to disable it as it can cause DDoS (CVE-2011-1473).
>>
>> Is it possible to have this possibility through an SSL option or other?
>>
>> Thank you.
>>
>> Florent
> ssl_protocols = !SSLv3 !SSLv2
>
> Is that enough?

I'm afraid not. I've got SSLv2 and SSLv3 disabled and with `openssl s_client -connect $host:993` I still can successfully renegotiate by passing a single 'R'.