Prior to the version we have prepped for Bionic, the ssl/crypto setup is a bit
split (we also stopped setting a now-outdated cipher list there, which makes the
default more secure and puts the config in one place).
So I've seen it happen that late config files overrule early ones and thereby
trigger the issue you are describing.
Not sure but this "could" be your issue as well.
For example, it is often set up together with mail-stack-delivery, which
would also place a /etc/dovecot/conf.d/99-mail-stack-delivery.conf file.
So in my case I could set whatever I want in
/etc/dovecot/conf.d/10-ssl.conf; it would be overruled.
$ grep -Hrn ssl_cipher_list /etc/dovecot/
/etc/dovecot/conf.d/10-ssl.conf:#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
Does the above command return multiple files for you as well, which might
explain your issue?
To check on my case I installed sslscan and ran it against my dovecot.
I saw the same list you have.
Then I set the ssl_cipher_list = HIGH in my last conf (99-... in my case as
shown above) and it reduced the list.
ssl_cipher_list = ECDHE-RSA-AES256-SHA
Supported Server Cipher(s):
Accepted TLSv1 256 bits ECDHE-RSA-AES256-SHA
I hope that helps and is in fact the same as in your case.
dovecot version 2.2.22 does not honor ssl_cipher_list
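
The override check described in the comment above, as an added example that is not part of the original bug comment: it lists every active assignment of a key across a conf.d directory and reports the one read last. It assumes the files are read in glob (lexical) order with the last assignment winning; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: which conf.d file decides a Dovecot setting?
# Assumption: DIR/*.conf is read in glob (lexical) order and the last
# active assignment of a key wins.

# list_assignments KEY DIR: every uncommented "KEY = ..." line, in read order.
list_assignments() {
    la_key=$1; la_dir=$2
    for la_f in "$la_dir"/*.conf; do
        [ -f "$la_f" ] || continue
        # A file without the key is not an error (matters under set -e).
        grep -HnE "^[[:space:]]*${la_key}[[:space:]]*=" "$la_f" || true
    done
}

# effective_setting KEY DIR: the assignment that is read last, i.e. the winner.
effective_setting() {
    list_assignments "$1" "$2" | tail -n 1
}

# overridden_count KEY DIR: how many earlier assignments the winner shadows.
overridden_count() {
    oc_n=$(list_assignments "$1" "$2" | wc -l)
    oc_n=$((oc_n))
    if [ "$oc_n" -gt 0 ]; then echo $((oc_n - 1)); else echo 0; fi
}

# make_sample_confdir: constructed sample tree (not real package files).
make_sample_confdir() {
    ms_d=$(mktemp -d)
    printf '%s\n' '#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL' \
        'ssl_cipher_list = HIGH' > "$ms_d/10-ssl.conf"
    printf '%s\n' 'auth_mechanisms = plain' > "$ms_d/10-auth.conf"
    printf '%s\n' 'ssl_cipher_list = ALL:!LOW:!SSLv2' \
        > "$ms_d/99-mail-stack-delivery.conf"
    echo "$ms_d"
}

# Demo on the constructed tree: the 99-... file wins over 10-ssl.conf.
demo_dir=$(make_sample_confdir)
effective_setting ssl_cipher_list "$demo_dir"
rm -rf "$demo_dir"
```

On a live host, point the functions at /etc/dovecot/conf.d and compare the result with `doveconf -n`, which prints the merged non-default configuration as Dovecot itself reads it.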