[Dovecot] PKI Compliance Dovecot Server

2008-09-30 Thread Amit Thakkar
Hello, I work for an organization that uses a Secure Dovecot server for messaging, and recently we've had to undergo some security screenings for PKI compliance (credit card industry standards). However, the screening returned to us a failure due to the following reason (attributed to our

Re: [Dovecot] PKI Compliance Dovecot Server

2008-09-30 Thread John Gray
I *think* you can fix this in your config.

ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM

Consider yourself lucky you're not using UW. I believe you need to recompile it. Nessus thinks I'm good with the setting above.

John

Amit Thakkar wrote: Hello, I work for an organization

Re: [Dovecot] PKI Compliance Dovecot Server

2008-09-30 Thread Timo Sirainen
BTW. Dovecot v1.1 has by default:

ssl_cipher_list = ALL:!LOW:!SSLv2

I'd think that's enough to fix this too.

On Tue, 2008-09-30 at 10:23 -0400, John Gray wrote: I *think* you can fix this in your config. ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM Consider yourself lucky

Re: [Dovecot] PKI Compliance Dovecot Server

2008-09-30 Thread Rick Romero
FYI, Nessus scans are used for PCI Compliance. So if you've got all the plugins, you're good to go for vulnerability checks. IIRC, !SSLv2 was my solution when the SSL thing came up last year for PCI Compliance (previous job).

Rick

Timo Sirainen wrote: BTW. Dovecot v1.1 has by default:
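A way to check a candidate ssl_cipher_list value (John Gray's string or the v1.1 default above) before a scanner does, added here as an example and not code from the thread: it expands the string with the openssl CLI (assumed to be installed) and fails if any SSLv2, export, anonymous or single-DES suite survives.

```shell
#!/bin/sh
# Added example: expand a Dovecot ssl_cipher_list string with OpenSSL and
# verify that none of the suite classes a PCI scan objects to remain.
# Assumes the "openssl" command is available; not code from the thread.

# Print the suites OpenSSL selects for a cipher string, one per line,
# in "openssl ciphers -v" format, e.g.
#   AES256-SHA  SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
expand_ciphers() {
    openssl ciphers -v "$1" 2>/dev/null
}

# Return 0 when the expanded list is non-empty and contains no SSLv2,
# export, anonymous (Au=None), single-DES, RC2 or null-encryption suite;
# return 1 otherwise (including when OpenSSL rejects the string).
check_cipher_list() {
    list=$(expand_ciphers "$1") || return 1
    [ -n "$list" ] || return 1
    if printf '%s\n' "$list" |
        grep -Eq 'SSLv2|Au=None|EXP|Enc=DES\(56\)|Enc=RC2|Enc=None'; then
        return 1
    fi
    return 0
}

# Count the suites a string expands to, for a quick sanity check.
count_ciphers() {
    expand_ciphers "$1" | grep -c .
}

if [ -n "$1" ]; then
    if check_cipher_list "$1"; then
        echo "OK: $(count_ciphers "$1") suites, no weak classes"
    else
        echo "FAIL: weak suites present or string rejected"
        exit 1
    fi
fi
```

On OpenSSL 1.0 and later, !ADH excludes only anonymous DH, not anonymous ECDH (AECDH-*) suites; !aNULL covers both, which is why the check keys on Au=None rather than on the cipher name.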