With or without this line in /etc/dovecot/conf.d/10-ssl.conf, openssl s_client -connect localhost:993 uses TLSv1.3: ssl_protocols = !SSLv2 !SSLv3
Could you perhaps "grep ssl -r /etc/dovecot" and see if it's being changed elsewhere? And perhaps paste this if you can (in terms of sanitization): # cat conf.d/10-ssl.conf |grep -vE "^(#|$)" ssl = yes ssl_cert = </etc/dovecot/private/dovecot.pem ssl_key = </etc/dovecot/private/dovecot.key ssl_client_ca_dir = /etc/ssl/certs ssl_protocols = !SSLv2 !SSLv3 Sometimes a cipher list selection (ssl_cipher_list) can change which protocols are offered. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to dovecot in Ubuntu. https://bugs.launchpad.net/bugs/1836180 Title: TLS1.2 and newer not available in dovecot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1836180/+subscriptions -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
