Hi Mark,
I think I may not have been clear enough in my query, sorry!
What I'm trying to do is to prevent SSLv2 connections being made to our IMAP
server while allowing SSLv3 and TLSv1 connections. I think I've prevented the
use of SSLv2 ciphers but this does not prevent SSLv2 protocol connect
On Thu, 08 Mar 2012 19:04:47 +, Steve Platt
wrote:
> I've set up a list of ciphers that excludes SSLv2 ciphers (and other
> weak ones) in the hope of preventing SSLv2 connections:
>
> ssl_cipher_list = TLSv1+HIGH : !SSLv2 :
> RC4+MEDIUM : !aNULL : !eNULL : !3DES : @STRENGTH
>
> I tried mak
I've set up a list of ciphers that excludes SSLv2 ciphers (and other weak
ones) in the hope of preventing SSLv2 connections:
ssl_cipher_list = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES
: @STRENGTH
However, this doesn't prevent the SSLv2 connection being allowed as our Nessus