On Wed, Oct 15, 2014 at 3:03 PM, Dan Lukes <[email protected]> wrote: > On 10/15/14 21:32, Jimmy Dorff: > >> Is this possible to disable SSLv3 and only accept imaps using TLS? >>>> >>> > I created custom source patch for osdep/unix/ssl_unix.c >>> >>> Such patch allow me to write something like >>> >>> set ssl-protocols -ALL +TLSv1 >>> set ssl-cipher-list HIGH:!ADH:!EXPORT56:!SSLv2 >>> >>> into c-client.cf file. >>> >> > I'm on CentOS Linux and specifically using the panda-imap now on github. >> > > My patch has been created for imap-uw. I'm not familiar with panda-imap > sources. It may or may not be portable to them. >
I've never seen the panda-imap source until five minutes ago. Cloning from github then find . -type f | xargs grep -l TLSv1 spits out ./src/osdep/unix/ssl_unix.c then grep -i cipher on it gives #define SSLCIPHERLIST "ALL:!SSLv2:!ADH:!EXP:!LOW" . Should be easy to tweak+compile. > Is the patch available for testing? >> > > See http://www.freebsd.cz/~dan/patch-DAN-SETSSLCIPHER > > Did your patch also allow DHE ciphers to be used? >> > > My ssl-cipher-list accept the same values as -cipher option of underlying > OpenSSL library > > Dan > > > _______________________________________________ > Imap-uw mailing list > [email protected] > http://mailman13.u.washington.edu/mailman/listinfo/imap-uw > -- scott hollatz information technology systems and services university of minnesota duluth mn usa net: [email protected] tel: +1 218 726 8851 fax: +1 218 726 7674 Asn aD ta zlAp em uT zt33rg
_______________________________________________ Imap-uw mailing list [email protected] http://mailman13.u.washington.edu/mailman/listinfo/imap-uw
