Re: [CentOS] dovecot option PROFILE=SYSTEM

2021-01-06 Thread Kenneth Porter 

--On Wednesday, January 06, 2021 7:08 AM -0800 david  wrote:


If only there had been a comment in the file
/etc/dovecot/conf.d/10-ssl.conf


I suggest opening an enhancement request on Bugzilla.





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] dovecot option PROFILE=SYSTEM

2021-01-06 Thread david 

At 07:04 AM 1/6/2021, Paul Heinlein wrote:

On Wed, 6 Jan 2021, Kenneth Porter wrote:


--On Tuesday, January 05, 2021 7:40 PM -0800 david  wrote:


In examining the file
  /etc/dovecot/conf.d/10-ssl.conf
I see the text line:
  ssl_cipher_list = PROFILE=SYSTEM
Yet, I cannot find any documentation that explains what that causes,
where the values are stored.  I ask because I don't see that text line in
other installations of Dovecot 2.3 on other distros.  Can anyone point me
to an explanation?


The value of ssl_cipher_list is passed directly to OpenSSL's 
SSL_CTX_set_cipher_list():




See here for the meaning of PROFILE=SYSTEM:




Additionally, on your local system, look at

* the crypto-policies(7) man page
* the update-crypto-policies(8) man page
* the contents of the /etc/crypto-policies directory tree

Several applications use these policies, so it's worthwhile to take 
a look around.


--




If only there had been a comment in the file /etc/dovecot/conf.d/10-ssl.conf



Thanks for the guidance

David

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] dovecot option PROFILE=SYSTEM

2021-01-06 Thread Paul Heinlein 

On Wed, 6 Jan 2021, Kenneth Porter wrote:


--On Tuesday, January 05, 2021 7:40 PM -0800 david  wrote:


In examining the file
  /etc/dovecot/conf.d/10-ssl.conf
I see the text line:
  ssl_cipher_list = PROFILE=SYSTEM

Yet, I cannot find any documentation that explains what that causes,
where the values are stored.  I ask because I don't see that text line in
other installations of Dovecot 2.3 on other distros.  Can anyone point me
to an explanation?


The value of ssl_cipher_list is passed directly to OpenSSL's 
SSL_CTX_set_cipher_list():




See here for the meaning of PROFILE=SYSTEM:




Additionally, on your local system, look at

* the crypto-policies(7) man page
* the update-crypto-policies(8) man page
* the contents of the /etc/crypto-policies directory tree

Several applications use these policies, so it's worthwhile to take a 
look around.


--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] dovecot option PROFILE=SYSTEM

2021-01-06 Thread Kenneth Porter 

--On Tuesday, January 05, 2021 7:40 PM -0800 david  wrote:


In examining the file
  /etc/dovecot/conf.d/10-ssl.conf
I see the text line:
  ssl_cipher_list = PROFILE=SYSTEM

Yet, I cannot find any documentation that explains what that causes,
where the values are stored.  I ask because I don't see that text line in
other installations of Dovecot 2.3 on other distros.  Can anyone point me
to an explanation?


The value of ssl_cipher_list is passed directly to OpenSSL's 
SSL_CTX_set_cipher_list():




See here for the meaning of PROFILE=SYSTEM:




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] dovecot option PROFILE=SYSTEM

2021-01-05 Thread david 

Folks

In examining the file
 /etc/dovecot/conf.d/10-ssl.conf
I see the text line:
 ssl_cipher_list = PROFILE=SYSTEM

Yet, I cannot find any documentation that explains what that causes, 
where the values are stored.  I ask because I don't see that text 
line in other installations of Dovecot 2.3 on other distros.  Can 
anyone point me to an explanation?


David

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos