Hi All, We're hoping to find some help on the list... We are running Cyrus-IMAP on RHEL7, using an RPM pkg (cyrus-imapd-2.4.17-13.el7) built from the Red Hat SRC RPM. We also have SASL, Utils, devel etc pkgs all from RH. Now we're looking to finally move Cyrus completely off insecure TLS versions. But now there is a lingering issue... We removed tls1_0 from impad.conf, and the CYRADM shell stopped working. We can no longer connect at all: cyradm -u cyrus <server> cyradm -u cyrus --notls <server> The presumption is (as cyradm is just a wrapper script) any PERL scripts calling Cyrus::IMAP::Admin over a STARTTLS connection could likewise be broken (?) if we block TLS 1.0. cyradm is using TLSv1 per maillog: imaps[14096]: starttls: TLSv1 with cipher <snip> Our MAN page for cyradm shows a "--notls" option, which does not work/changes nothing. Oddly, the cyradm help flag does NOT show this option, yet cyradm doesn't bark when it's passed: Usage: cyradm [args] server A web search reveals the MAN page for cyradm in Cyrus v.3, and it shows notls as an option to AUTHENTICATE, after a server connection is made, so its unclear to me what's going on... Does anyone have cyradm working with TLS1.2?
Regards & THANKS in advance for any assistance or suggestions offered.
--
John
|
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus