Hi, prior to the version we have prepped for Bionic the ssl/crypto setup is a bit split (also stopped setting a now outdated cipher list there which makes the default more secure and the config be in one place). So I've seen it happen that late config files overrule early ones and thereby trigger the issue you are describing. Not sure but this "could" be your issue as well.
For example often it is set up together with mail-stack-delivery which would also place a /etc/dovecot/conf.d/99-mail-stack-delivery.conf file. So in my case I could set whatever I want in /etc/dovecot/conf.d/10-ssl.conf it would be overruled. $ grep -Hrn ssl_cipher_list /etc/dovecot/ /etc/dovecot/conf.d/10-ssl.conf:#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL /etc/dovecot/conf.d/99-mail-stack-delivery.conf:ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM Does above command return multiple files for you as well which might explain your issue? To check on my case I installed sslscan and ran it against my dovecot. I saw the same list you have. Then I set the ssl_cipher_list = HIGH in my last conf (99-... in my case as shown above) and it reduced the list. Setting ssl_cipher_list = ECDHE-RSA-AES256-SHA got me: Supported Server Cipher(s): Accepted TLSv1 256 bits ECDHE-RSA-AES256-SHA I hope that helps and is in fact the same as in your case. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1748245 Title: dovecot version 2.2.22 does not honor ssl_cipher_list To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1748245/+subscriptions -- ubuntu-bugs mailing list firstname.lastname@example.org https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs