Dovecot: drops SSLv2 and SSLv3 via ssl_protocols

author: Silvio Rhatto <rhatto@riseup.net> 2016-08-19 15:33:51 -0300
committer: Silvio Rhatto <rhatto@riseup.net> 2016-08-19 15:33:51 -0300
commit: da63b146d91e351120f6de66bcebe91e6389f2f8 (patch)
tree: 6d374c9085bf7301a0ae15d21574257aa556aa07
parent: 02d67a46797b1df10a1b50914c22e941527d3119 (diff)
download: puppet-mail-da63b146d91e351120f6de66bcebe91e6389f2f8.tar.gz
puppet-mail-da63b146d91e351120f6de66bcebe91e6389f2f8.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/templates/dovecot/dovecot.conf.wheezy.erb b/templates/dovecot/dovecot.conf.wheezy.erb
index cf2d720..0d18b85 100644
--- a/templates/dovecot/dovecot.conf.wheezy.erb
+++ b/templates/dovecot/dovecot.conf.wheezy.erb
@@ -40,7 +40,10 @@ ssl_key = </etc/ssl/private/cert.pem
 
 # SSL ciphers to use
 # See http://www.virtualmin.com/node/25057
+#     https://zmap.io/sslv3/servers.html
+#     https://security.stackexchange.com/questions/71872/disable-sslv3-in-dovecot-tls-handshaking-failed-no-shared-cipher
 ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:SSLv3
+ssl_protocols = !SSlv2 !SSLv3
 
 userdb {
   args = uid=5000 gid=5000 home=/var/mail/virtual/%u allow_all_users=yes
author	Silvio Rhatto <rhatto@riseup.net>	2016-08-19 15:33:51 -0300
committer	Silvio Rhatto <rhatto@riseup.net>	2016-08-19 15:33:51 -0300
commit	da63b146d91e351120f6de66bcebe91e6389f2f8 (patch)
tree	6d374c9085bf7301a0ae15d21574257aa556aa07
parent	02d67a46797b1df10a1b50914c22e941527d3119 (diff)
download	puppet-mail-da63b146d91e351120f6de66bcebe91e6389f2f8.tar.gz puppet-mail-da63b146d91e351120f6de66bcebe91e6389f2f8.tar.bz2