Using cyrus-imapd-2.2.12-9.RHEL4.i386 and cyrus-sasl-2.1.19-14.i386, trying to disable sslV2 to satisfy silly PCI (Purchase Card Industry) requirements yet keep ports 993 and 995 open. Tried 37 different variations of tls_cipher_list includin draconian tls_cipher_list: -ALL: +HIGH:-SSLv2m yet openssl s_client -ssl2 -connect localhost:993 Still yields SSL handshake has read 987 bytes and written 239 bytes --- New, SSLv2, Cipher is DES-CBC3-MD5 Server public key is 1024 bit SSL-Session: Protocol : SSLv2 Cipher : DES-CBC3-MD5 I beginning to think it can't be done.\? ----------------- So I try to rebuild imapd from most current sources. Thinking about -- but haven't yet -- hacking tls.c . Builds just fine, but now openssl s_client -ssl2 -connect localhost:993 yields CONNECTED(00000003) write:errno=104 WHy for? -------------------- I would consider switching to courier, but I have no desire to convert all my users' mailbox formats... ----------------------------------------------------------------------- | Wesley Alan Wright <mailto:Wesley.Wright@xxxxxxx> | | Academic Computing Services __0__ | | Room 407 Lafayette Building / \ | \ | | University of Vermont \77 | | Burlington, Vermont 05405-0160 USA. \\ http://www.uvm.edu/skivt-l | | Voice:802-656-1254 FAX:802-???-???? vv | | aim:goim?screenname=maddogskideath http://www.uvm.edu/~waw/ | ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html