Hi, On Thu, Oct 16, 2014 at 1:51 AM, Eric Shubert <e...@shubes.net> wrote:
> In order to disable SSLv3, you need to change your cyphers list in > /etc/dovecot/toaster.conf file for dovecot, and > /var/qmail/control/tlsserverciphers for qmail-smtpd. > > If you turn off SSLv3, that includes TLS, so you'd better turn off plain and > login authentication methods as well. Looks like digest-md5 or cram-md5 > would be the only non-plain-text authentication methods available. I imagine > Dan's loving that. ;) Regarding this StackExchange information: http://security.stackexchange.com/questions/70832/why-doesnt-the-tls-protocol-work-without-the-sslv3-ciphersuites there is no need to disable ciphers, but only SSL v3 protocol (POODLE is a protocol, not cipher, problem)? Here you can find software specific instructions for disabling SSL v3, including Dovecot: https://linode.com/docs/security/security-patches/disabling-sslv3-for-poodle I haven't tried these yet as it seems I need to upgrade my Dovecot installations first to be able to disable sslv3... Best, Peter --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
