Thanks Christian for your effort. In fact I was already aware that multiple files had the same configuration in the conf.d folder and had all relevant content changed.
In my case: grep -Hrn ssl_cipher_list /etc/dovecot/ /etc/dovecot/conf.d/01-mail-stack-delivery.conf:10:ssl_cipher_list = ECDHE-RSA-AES256-SHA /etc/dovecot/conf.d/10-ssl.conf:54:ssl_cipher_list = ECDHE-RSA-AES256-SHA /etc/dovecot/conf.d/99-mail-stack-delivery.conf:9:ssl_cipher_list = ECDHE-RSA-AES256-SHA grep -Hrn ssl_prefer_server_ciphers /etc/dovecot/ /etc/dovecot/conf.d/10-ssl.conf:57:ssl_prefer_server_ciphers = yes and sslscan behaviour is just the same (previously disclosed cipher list list) Apart from that: doveconf | grep cipher ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL ssl_prefer_server_ciphers = no I tried on dovecot-sql.conf.ext same result what is the dovecot version you are using? I could try a new setup on an alternative system so to not disrupt a working production server. Why did I run into this apparent flaw? Trying to prevent Sweet32 Birthday Attacks. I am attaching /etc/dovecot and the doveconf output in doveconf.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1748245 Title: dovecot version 2.2.22 does not honor ssl_cipher_list To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1748245/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
