I took a new system (one bionic and one eoan to check the latest)
$ apt install dovecot-imapd nmap
$ nmap -Pn --script ssl-enum-ciphers -p 993 localhost

They BOTH reported TLS 1.0/1.1/1.2
Full logs:
Bionic: http://paste.ubuntu.com/p/rYCzQ5Xwkw/
Eoan: https://paste.ubuntu.com/p/fDP6y8WbKP/

I don't know what happened to disable TLS 1.2 for your 18.04 system.
But since the default install works out of the box I'd assume some configuration change?
Maybe you could start fresh and check on which config change (starting with the base install) it goes away.

About TLS 1.3 - this was a rather new addition to Bionic (openssl 1.1.1), I first expected that one might need to recompile dovecot to pick things up?
But that alone can't be it, the version in Eoan was built against 1.1.1b-2ubuntu1 and also reports only up to TLS 1.2.

Then I realized it might be nmap just not knowing about things. Since Dovecot just says "relies on openssl" (all you can configure is the minimum in /etc/dovecot/conf.d/10-ssl.conf).

And it turns out it works fine
$ openssl s_client -connect localhost:993 -crlf
Returns having set up a TLS 1.3 connection in both cases
Bionic: http://paste.ubuntu.com/p/cD8gZY5Jpj/
Eoan: https://paste.ubuntu.com/p/5MBpwRtcXG/

I think this is no issue at all, could you take a look again at your systems if it is either config or just nmap not understanding all of it?

** Changed in: dovecot (Ubuntu)
       Status: New => Incomplete

https://bugs.launchpad.net/bugs/1836180
Title: TLS1.2 and newer not available in dovecot
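
The per-version check discussed in the message above, as an added example that is not part of the original message: instead of relying on a scanner's protocol list, offer the server exactly one TLS version at a time with openssl s_client and read back what was negotiated. The function names are hypothetical, the two sample outputs are constructed, and the parser assumes the "New, <protocol>, Cipher is <cipher>" line printed by OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example: probe one TLS version at a time with openssl s_client.
# Assumption: OpenSSL 1.1.1+ (supports -tls1_3, prints "New, <proto>, Cipher is ...").

# Constructed sample outputs (not captured from a real server).
SAMPLE_TLS13='CONNECTED(00000003)
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit'
SAMPLE_REFUSED='CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)'

# Read s_client output on stdin; print the negotiated protocol, or "none"
# when the handshake failed or no "New," line is present.
negotiated_protocol() {
    awk -F', ' '
        /^New, / { proto = $2 }
        END {
            if (proto == "" || proto == "(NONE)") print "none"
            else print proto
        }'
}

# Offer exactly one protocol version (FLAG) to HOST:PORT.
# Port 993 is implicit TLS, so no -starttls option is needed.
probe_tls_version() {   # usage: probe_tls_version HOST PORT FLAG
    openssl s_client -connect "$1:$2" "$3" </dev/null 2>/dev/null \
        | negotiated_protocol
}

# Try every version in turn and print one result line per flag.
probe_all() {           # usage: probe_all localhost 993
    local flag
    for flag in -tls1 -tls1_1 -tls1_2 -tls1_3; do
        printf '%-8s %s\n' "$flag" "$(probe_tls_version "$1" "$2" "$flag")"
    done
}
```

A "none" result can also mean the local OpenSSL build or policy refuses that version, so confirm unexpected results from a second client before changing the server configuration.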
