At 07:04 AM 1/6/2021, Paul Heinlein wrote:
On Wed, 6 Jan 2021, Kenneth Porter wrote:
--On Tuesday, January 05, 2021 7:40 PM -0800 david <david@xxxxxxxx> wrote:
In examining the file
/etc/dovecot/conf.d/10-ssl.conf
I see the text line:
ssl_cipher_list = PROFILE=SYSTEM
Yet, I cannot find any documentation that explains what that causes,
where the values are stored. I ask because I don't see that text line in
other installations of Dovecot 2.3 on other distros. Can anyone point me
to an explanation?
The value of ssl_cipher_list is passed directly to OpenSSL's
SSL_CTX_set_cipher_list():
<https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_cipher_list.html>
See here for the meaning of PROFILE=SYSTEM:
<https://fedoraproject.org/wiki/Changes/CryptoPolicy#Scope>
Additionally, on your local system, look at
* the crypto-policies(7) man page
* the update-crypto-policies(8) man page
* the contents of the /etc/crypto-policies directory tree
Several applications use these policies, so it's worthwhile to take
a look around.
--
If only there had been a comment in the file /etc/dovecot/conf.d/10-ssl.conf
Thanks for the guidance
David
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
