On Fri, 4 Jun 2010, Raphael Jaffey wrote: > From: Raphael Jaffey <rjaf...@artic.edu> > To: Lorenzo Marcantonio <l.marcanto...@logossrl.com> > Cc: "Rosenbaum, Larry M." <rosenbau...@ornl.gov>, > "info-cyrus@lists.andrew.cmu.edu" <info-cyrus@lists.andrew.cmu.edu> > Date: Fri, 4 Jun 2010 15:41:54 > Subject: Re: Disallowing SSLv2 > > Lorenzo Marcantonio wrote: > > On Fri, 4 Jun 2010, Rosenbaum, Larry M. wrote: > > > >> How do I tell Cyrus IMAP to not allow SSLv2? > > > > I used this in imapd.conf: > > > > tls_cipher_list: ALL:!ADH:!EXP:!MD5:!LOW > > > > You need to add !SSLv2 to your example to get the desired effect: > > tls_cipher_list: ALL:!SSLv2:!ADH:!EXP:!MD5:!LOW
I currently use: # Insist on "proper", rather than "mickey-mouse", ciphers. We'll # expect to see high (key length > 128 bits) or medium (key length # of 128 bits) ciphers, sorted by strength. tls_cipher_list: HIGH:MEDIUM:@STRENGTH To exclude SSLv2 ciphers as well, I'd write that as: tls_cipher_list: HIGH:MEDIUM:!SSLv2:@STRENGTH -- Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK d.h.da...@bath.ac.uk Phone: +44 1225 386101 ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
