On 29/01/2010 6:56 PM, Timo Sirainen wrote:
On 29.1.2010, at 9.23, Andreas Schulze wrote:
From: Timo Sirainen<t...@iki.fi>
Subject: Re: [Dovecot] How do I make dovecot not use sslv2 for pop?
Message-ID:<1264724551.22202.139.ca...@hurina>
Anyway.. I guess I should do something about this. Not really sure what,
though.
Timo,
you can simply stop supporting SSLv2.
Nobody really needs security known to be insecure.
Yeah. I'm actually more wondering about SSLv3+TLSv1 vs. TLSv1. Apparently
disabling SSLv3 isn't a good idea yet? But still, maybe there should be a
configuration option for that.. Or maybe not.
The only SSLv3 connections my server is receiving are from a Blackberry
server (hosted, not enterprise). I would be quite happy to disable that
and insist folk get iPhones instead ... but the bosses may be unhappy.
I don't have anything ancient like Outlook Express connecting to me -
older versions of that probably have a similar problem to Internet
Explorer 6. However should at least cope with SSLv3.
Blackberry server is connecting as: "SSLv3 with cipher AES128-SHA
(128/128 bits)"
(%k in dovecot login_log_format_elements)
Rob.
