Yup, turns out that’s a left over from before Dovecot 2.2…. It was getting ignored and the default is TLSv1.
Removed from my config as obsolete. Carl From: Gary Bowling [mailto:[email protected]] Sent: Wednesday, September 04, 2019 01:44 PM To: [email protected] Subject: Re: [qmailtoaster] SSL Problem Dovecot Carl, when I put that statement in my dovecot conf I get the following in my log on startup. Sep 04 13:39:41 config: Warning: Obsolete setting in /etc/dovecot/local.conf:22: ssl_protocols has been replaced by ssl_min_protocol Sep 04 13:39:41 config: Error: Could not find a minimum ssl_min_protocol setting from ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2: Unrecognized protocol 'SSLv2' Thanks, Gary On 9/4/2019 1:20 PM, CarlC Internet Services Service Desk wrote: For Dovecot, I use ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2 Then under ssl_cipher_list, I have a long list of ciphers [and blocked ones] that start with the strongest and work downward from there. When I run a scan against IMAPS, any that are found to be compromised, I change the list to match. This is why I don’t list mine as its fluid based on the latest scans. $0.02, Carl --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] <mailto:[email protected]> For additional commands, e-mail: [email protected] <mailto:[email protected]>
