With or without this line in /etc/dovecot/conf.d/10-ssl.conf, openssl s_client -connect localhost:993 uses TLSv1.3: ssl_protocols = !SSLv2 !SSLv3
Could you perhaps "grep ssl -r /etc/dovecot" and see if it's being changed elsewhere? And perhaps paste this if you can (in terms of sanitization): # cat conf.d/10-ssl.conf |grep -vE "^(#|$)" ssl = yes ssl_cert = </etc/dovecot/private/dovecot.pem ssl_key = </etc/dovecot/private/dovecot.key ssl_client_ca_dir = /etc/ssl/certs ssl_protocols = !SSLv2 !SSLv3 Sometimes a cipher list selection (ssl_cipher_list) can change which protocols are offered. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836180 Title: TLS1.2 and newer not available in dovecot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1836180/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
