Yup, turns out that’s a left over from before Dovecot 2.2…. It was getting 
ignored and the default is TLSv1.


Removed from my config as obsolete.



From: Gary Bowling [mailto:g...@gbco.us] 
Sent: Wednesday, September 04, 2019 01:44 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] SSL Problem Dovecot



Carl, when I put that statement in my dovecot conf I get the following in my 
log on startup.

Sep 04 13:39:41 config: Warning: Obsolete setting in 
/etc/dovecot/local.conf:22: ssl_protocols has been replaced by ssl_min_protocol
Sep 04 13:39:41 config: Error: Could not find a minimum ssl_min_protocol 
setting from ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2: Unrecognized 
protocol 'SSLv2'


Thanks, Gary 


On 9/4/2019 1:20 PM, CarlC Internet Services Service Desk wrote:

For Dovecot, I use


ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2


Then under ssl_cipher_list, I have a long list of ciphers [and blocked ones] 
that start with the strongest and work downward from there. When I run a scan 
against IMAPS, any that are found to be compromised, I change the list to 
match. This is why I don’t list mine as its fluid based on the latest scans.




--------------------------------------------------------------------- To 
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>  For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 

Reply via email to