Hi,
Prior to the version we have prepped for Bionic, the ssl/crypto setup is a bit
split (we also stopped setting a now outdated cipher list there, which makes the
default more secure and keeps the config in one place).
So I've seen it happen that late config files overrule early ones and thereby 
trigger the issue you are describing.
Not sure but this "could" be your issue as well.

For example often it is set up together with mail-stack-delivery which
would also place a /etc/dovecot/conf.d/99-mail-stack-delivery.conf file.

So in my case I could set whatever I want in
/etc/dovecot/conf.d/10-ssl.conf; it would be overruled.

$ grep -Hrn ssl_cipher_list /etc/dovecot/
/etc/dovecot/conf.d/10-ssl.conf:#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
/etc/dovecot/conf.d/99-mail-stack-delivery.conf:ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM

Does the above command return multiple files for you as well, which might
explain your issue?

To check on my case I installed sslscan and ran it against my dovecot.
I saw the same list you have.
Then I set the ssl_cipher_list = HIGH in my last conf (99-... in my case as 
shown above) and it reduced the list.
Setting
ssl_cipher_list = ECDHE-RSA-AES256-SHA
got me:
  Supported Server Cipher(s):
    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA

I hope that helps and is in fact the same as in your case.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748245

Title:
  dovecot version 2.2.22 does not honor  ssl_cipher_list
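
Added example, not part of the original message or of Dovecot's packaging: a shell script that reads a conf.d directory in sorted order and reports which file's ssl_cipher_list assignment takes effect and which earlier ones it overrides. The function names and the sample files are assumptions made for this example; it assumes conf.d/*.conf is included by glob and does not model nested blocks.

```shell
#!/bin/sh
# Added example (not Dovecot's own tooling): find which conf.d file wins.
# Assumption: conf.d/*.conf is included by glob, read in sorted name order,
# and the last active assignment of a setting is the effective one.
# Nested blocks (protocol/local/remote) are not modelled.
LC_ALL=C; export LC_ALL   # make the glob sort order deterministic

# list_assignments DIR KEY: print "file:line:value" per uncommented assignment
list_assignments() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk -v key="$2" -v file="$f" '
            /^[ \t]*#/ { next }                  # commented-out default
            {
                line = $0; sub(/^[ \t]+/, "", line)
                if (index(line, key) != 1) next
                rest = substr(line, length(key) + 1)
                if (rest !~ /^[ \t]*=/) next     # a longer key name, skip
                sub(/^[ \t]*=[ \t]*/, "", rest); sub(/[ \t]+$/, "", rest)
                print file ":" NR ":" rest
            }' "$f"
    done
}

# effective_assignment DIR KEY: the assignment that is read last (the winner)
effective_assignment() { list_assignments "$1" "$2" | tail -n 1; }

# shadowed_assignments DIR KEY: earlier assignments that the winner overrides
shadowed_assignments() { list_assignments "$1" "$2" | sed '$d'; }

# make_sample DIR: constructed files mirroring the two in the grep output above
make_sample() {
    mkdir -p "$1"
    printf '%s\n' 'ssl = required' \
        '#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL' \
        'ssl_cipher_list = HIGH' > "$1/10-ssl.conf"
    printf '%s\n' \
        'ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM' \
        > "$1/99-mail-stack-delivery.conf"
}

# With no argument, run on the constructed sample; otherwise pass a conf.d path.
dir=${1:-}
if [ -z "$dir" ]; then dir=$(mktemp -d); make_sample "$dir"; fi
echo "effective: $(effective_assignment "$dir" ssl_cipher_list)"
shadowed_assignments "$dir" ssl_cipher_list | sed 's/^/shadowed:  /'
```

On a live system, `doveconf -n` prints the settings Dovecot actually resolved, which is the value to compare against the file this script names as the winner.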
