Disallowing SSLv2
Dennis Davis
D.H.Davis at bath.ac.uk
Fri Jun 4 11:33:50 EDT 2010
On Fri, 4 Jun 2010, Raphael Jaffey wrote:
> From: Raphael Jaffey <rjaffey at artic.edu>
> To: Lorenzo Marcantonio <l.marcantonio at logossrl.com>
> Cc: "Rosenbaum, Larry M." <rosenbaumlm at ornl.gov>,
> "info-cyrus at lists.andrew.cmu.edu" <info-cyrus at lists.andrew.cmu.edu>
> Date: Fri, 4 Jun 2010 15:41:54
> Subject: Re: Disallowing SSLv2
>
> Lorenzo Marcantonio wrote:
> > On Fri, 4 Jun 2010, Rosenbaum, Larry M. wrote:
> >
> >> How do I tell Cyrus IMAP to not allow SSLv2?
> >
> > I used this in imapd.conf:
> >
> > tls_cipher_list: ALL:!ADH:!EXP:!MD5:!LOW
> >
>
> You need to add !SSLv2 to your example to get the desired effect:
>
> tls_cipher_list: ALL:!SSLv2:!ADH:!EXP:!MD5:!LOW

I currently use:

# Insist on "proper", rather than "mickey-mouse", ciphers. We'll
# expect to see high (key length > 128 bits) or medium (key length
# of 128 bits) ciphers, sorted by strength.
tls_cipher_list: HIGH:MEDIUM:@STRENGTH

To exclude SSLv2 ciphers as well, I'd write that as:

tls_cipher_list: HIGH:MEDIUM:!SSLv2:@STRENGTH
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis at bath.ac.uk Phone: +44 1225 386101
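
Added example, not part of the original message or of Cyrus itself: a shell check that expands the tls_cipher_list from an imapd.conf with the local openssl binary and lists any SSLv2 ciphers that remain. The function names and the sample cipher rows are constructed for illustration; it assumes a single tls_cipher_list line and that the openssl command uses the same library version Cyrus is linked against.

```shell
#!/bin/sh
# Usage: sh check_sslv2.sh /etc/imapd.conf   (script name is hypothetical)

# Print the value of the first uncommented tls_cipher_list line,
# with trailing whitespace removed.
get_cipher_list() {
    sed -n 's/^tls_cipher_list:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" |
        head -n 1
}

# Read `openssl ciphers -v` output on stdin (column 1 = cipher name,
# column 2 = protocol) and print the names of the SSLv2 ciphers.
sslv2_ciphers() {
    awk '$2 == "SSLv2" { print $1 }'
}

# Expand the configured list with the local openssl and report.
# Returns 0 if no SSLv2 cipher is enabled, 1 if any is, 2 on error.
check_conf() {
    list=$(get_cipher_list "$1")
    [ -n "$list" ] || { echo "no tls_cipher_list in $1" >&2; return 2; }
    expanded=$(openssl ciphers -v "$list") || return 2
    bad=$(printf '%s\n' "$expanded" | sslv2_ciphers)
    if [ -n "$bad" ]; then
        echo "SSLv2 ciphers still enabled by '$list':"
        echo "$bad"
        return 1
    fi
    echo "no SSLv2 ciphers in '$list'"
}

# Constructed sample rows in the `openssl ciphers -v` column layout.
SAMPLE='DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5'

if [ $# -gt 0 ]; then
    check_conf "$1"
else
    # Offline demo: filter the constructed sample instead of calling openssl.
    printf '%s\n' "$SAMPLE" | sslv2_ciphers
fi
```

Run it again after any OpenSSL upgrade, since the same cipher string can expand differently between library versions.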