On Fri, 4 Jun 2010, Raphael Jaffey wrote: > From: Raphael Jaffey <rjaffey@xxxxxxxxx> > To: Lorenzo Marcantonio <l.marcantonio@xxxxxxxxxxxx> > Cc: "Rosenbaum, Larry M." <rosenbaumlm@xxxxxxxx>, > "info-cyrus@xxxxxxxxxxxxxxxxxxxx" <info-cyrus@xxxxxxxxxxxxxxxxxxxx> > Date: Fri, 4 Jun 2010 15:41:54 > Subject: Re: Disallowing SSLv2 > > Lorenzo Marcantonio wrote: > > On Fri, 4 Jun 2010, Rosenbaum, Larry M. wrote: > > > >> How do I tell Cyrus IMAP to not allow SSLv2? > > > > I used this in imapd.conf: > > > > tls_cipher_list: ALL:!ADH:!EXP:!MD5:!LOW > > > > You need to add !SSLv2 to your example to get the desired effect: > > tls_cipher_list: ALL:!SSLv2:!ADH:!EXP:!MD5:!LOW I currently use: # Insist on "proper", rather than "mickey-mouse", ciphers. We'll # expect to see high (key length > 128 bits) or medium (key length # of 128 bits) ciphers, sorted by strength. tls_cipher_list: HIGH:MEDIUM:@STRENGTH To exclude SSLv2 ciphers as well, I'd write that as: tls_cipher_list: HIGH:MEDIUM:!SSLv2:@STRENGTH -- Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK D.H.Davis@xxxxxxxxxx Phone: +44 1225 386101 ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
