For Dovecot, I use

 

ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2

 

Then under ssl_cipher_list, I have a long list of ciphers [and blocked ones] 
that start with the strongest and work downward from there. When I run a scan 
against IMAPS, any that are found to be compromised, I change the list to 
match. This is why I don’t list mine as its fluid based on the latest scans.

 

$0.02,

Carl

Reply via email to