Yes. Turns out without 1.0, 1.1 and 1.2, many email clients don’t work.
> On Mar 3, 2016, at 10:48 AM, Andrew Morgan wrote:
>
> On Thu, 3 Mar 2016, Tony Galecki via Info-cyrus wrote:
>
>> Lots of fiddling arround, tls_versions: ssl3 tls1_2 in the imapd.conf file
>> also fixed
On Thu, 3 Mar 2016, Tony Galecki via Info-cyrus wrote:
Lots of fiddling arround, tls_versions: ssl3 tls1_2 in the imapd.conf
file also fixed the issue. However, some clients (notably older Mac Mail
clients) were not able to connect.
Don't you want to include tls1_0 and tls1_1 in the list?
Lots of fiddling arround, tls_versions: ssl3 tls1_2 in the imapd.conf file also
fixed the issue. However, some clients (notably older Mac Mail clients) were
not able to connect.
> On Mar 3, 2016, at 2:49 AM, Wolfgang Breyha wrote:
>
> On 02/03/16 12:02, Wolfgang Breyha via
On 02/03/16 12:02, Wolfgang Breyha via Info-cyrus wrote:
> You do not need to rebuild OpenSSL. I would check the SPEC File of the CentOS
> 7 RPM which patches they included. If the TLS changes were not backported I
> would try to build one of the newer 2.4.18 SRPMs for Fedora (eg. 23) on
> CentOS
Hi!
Tony Galecki via Info-cyrus wrote on 02/03/16 03:57:
> I’m trying to figure out how to make my Cyrus install to not be susceptible to
> the drown issue.
> I have tried limiting the ciphers to TLSv1.2 but haven’t had much success.
Limiting the cipher list does not deactive protocol support in
I’m trying to figure out how to make my Cyrus install to not be susceptible to
the drown issue.
I have tried limiting the ciphers to TLSv1.2 but haven’t had much success.
What should the tld_ciper_list be? Or is this an issue with SSL? (To fix this
do I need to patch the SSL libraries and