Sam Varshavchik wrote: > [EMAIL PROTECTED] writes: > >> I've been looking through the config file (and read the docs a few >> times). >> I'm sure there's a way to disable SSLv2 connections in the config but >> can't find out how. Can anyone help? > > If you do not want to start the SSL service, just don't run the > imapd-ssl script.
Sam, I think he was referring to the SSLv2 protocol itself as oppossed to SSL v3 and TLS v1. SSLv3 was released in 1996 making SSLv2 extremly old and insecure. Firefox has disabled SSLv2 in 2.0 and I believe IE7 has done the same. Maybe OpenSSL can be compiled w/o support for SSLv2 which would then prevent Courier SSL connections from understanding it? Here's an example of how to disable it for Apache: http://blog.scottlowe.org/2005/10/18/protecting-against-openssl-sslv2-flaw/ Jay ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
