Re: drown/SSL issue

2016-03-08 Thread Tony Galecki via Info-cyrus
Yes. Turns out without 1.0, 1.1 and 1.2, many email clients don’t work.

> On Mar 3, 2016, at 10:48 AM, Andrew Morgan wrote:
>
> On Thu, 3 Mar 2016, Tony Galecki via Info-cyrus wrote:
>
>> Lots of fiddling around, tls_versions: ssl3 tls1_2 in the imapd.conf file
>> also fixed

Re: drown/SSL issue

2016-03-03 Thread Andrew Morgan via Info-cyrus
On Thu, 3 Mar 2016, Tony Galecki via Info-cyrus wrote:

> Lots of fiddling around, tls_versions: ssl3 tls1_2 in the imapd.conf file
> also fixed the issue. However, some clients (notably older Mac Mail clients)
> were not able to connect.

Don't you want to include tls1_0 and tls1_1 in the list?

Re: drown/SSL issue

2016-03-03 Thread Tony Galecki via Info-cyrus
Lots of fiddling around, tls_versions: ssl3 tls1_2 in the imapd.conf file also fixed the issue. However, some clients (notably older Mac Mail clients) were not able to connect.

> On Mar 3, 2016, at 2:49 AM, Wolfgang Breyha wrote:
>
> On 02/03/16 12:02, Wolfgang Breyha via

Re: drown/SSL issue

2016-03-03 Thread Wolfgang Breyha via Info-cyrus
On 02/03/16 12:02, Wolfgang Breyha via Info-cyrus wrote:

> You do not need to rebuild OpenSSL. I would check the SPEC File of the CentOS
> 7 RPM which patches they included. If the TLS changes were not backported I
> would try to build one of the newer 2.4.18 SRPMs for Fedora (eg. 23) on
> CentOS

Re: drown/SSL issue

2016-03-02 Thread Wolfgang Breyha via Info-cyrus
Hi!

Tony Galecki via Info-cyrus wrote on 02/03/16 03:57:

> I’m trying to figure out how to make my Cyrus install to not be susceptible to
> the drown issue.
> I have tried limiting the ciphers to TLSv1.2 but haven’t had much success.

Limiting the cipher list does not deactivate protocol support in

drown/SSL issue

2016-03-01 Thread Tony Galecki via Info-cyrus
I’m trying to figure out how to make my Cyrus install to not be susceptible to the drown issue. I have tried limiting the ciphers to TLSv1.2 but haven’t had much success. What should the tls_cipher_list be? Or is this an issue with SSL? (To fix this do I need to patch the SSL libraries and