Cyrus IMAP 2.4.18 released

Andrew Morgan morgan at
Mon Jul 6 16:38:16 EDT 2015

On Mon, 6 Jul 2015, Sebastian Hagedorn wrote:

> --On 6. Juli 2015 14:23:11 +1000 ellie timoney <ellie at> wrote:
>> Please consult the release notes before upgrading to 2.4.18:
> The big one is this: "Disable use of SSLv2/SSLv3"
> When I look at our log files, I see that there are still several hundred 
> SSLv3 connections per day. I'm worried that not all clients used by our users 
> support TLSv1. One such client appears to be Outlook 2003. Has anybody else 
> (especially in education) already turned off SSLv3? What were your 
> experiences?

I had similar concerns when I was making SSLv3 and cipher changes to my 
LDAP service.  I wanted to proactively identify any clients that would be
affected so we could fix them in advance.

I used tshark to sniff the ciphers for all my incoming connections, but 
you can also get the TLS version used from the output.

I wrote it up in a blog post here:

NOTE: This does not require access to your private key because there is no 
decryption of data.


More information about the Info-cyrus mailing list