cyrus 2.4.17 TLS woes

Patrick Goetz pgoetz at
Thu Jan 15 13:44:34 EST 2015

On 01/15/2015 10:04 AM, Wolfgang Breyha wrote:
> Maybe
> is of help.

Thanks for both writing and sharing that document.  Unfortunately it 
only has this to say about cyrus-imap:

Limiting the ciphers provided may force (especially older) clients to 
connect without encryption at all! Sticking to the defaults is recommended

If you still want to force strong encryption use


OK, but then what is the default?  The imapd.conf man page only tells us 

    tls_cipher_list: DEFAULT

I guess my real concern is recent SSL exploits.  Maybe if I'm only using 
STARTTLS this isn't a worry anyway?

More information about the Info-cyrus mailing list