Thanks Christian for your effort. In fact I was already aware that
multiple files had the same configuration in the conf.d folder and had
all relevant content changed.

In my case:

grep -Hrn ssl_cipher_list /etc/dovecot/
/etc/dovecot/conf.d/01-mail-stack-delivery.conf:10:ssl_cipher_list = 
/etc/dovecot/conf.d/10-ssl.conf:54:ssl_cipher_list = ECDHE-RSA-AES256-SHA
/etc/dovecot/conf.d/99-mail-stack-delivery.conf:9:ssl_cipher_list = 

grep -Hrn ssl_prefer_server_ciphers /etc/dovecot/
/etc/dovecot/conf.d/10-ssl.conf:57:ssl_prefer_server_ciphers = yes

and sslscan behaviour is just the same (previously disclosed cipher list

Apart from that:

doveconf | grep cipher
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_prefer_server_ciphers = no

I tried

on dovecot-sql.conf.ext
same result

what is the dovecot version you are using? I could try a new setup on an
alternative system so to not disrupt a working production server. Why
did I run into this apparent flaw? Trying to prevent Sweet32 Birthday

I am attaching /etc/dovecot and the doveconf output in doveconf.txt

You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

  dovecot version 2.2.22 does not honor  ssl_cipher_list

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to