Hi,
I upgraded from Jessie to Buster (thru Stretch) and noticed that Cyrus
(imaps & pop3s) stopped negotiating TLS 1.0 and 1.1 protocols (I know
they're not recommended but I need them for older clients). I tried
several combinations of tls_ciphers and tls_versions in /etc/imapd.conf
(even very permisive combinations) with no success.
Any idea what's happening?
I'm not sure whether it's really a Cyrus issue or some other kind of
hardening feature in Buster. In that last regard, I also modified
/etc/ssl/openssl and set MinProtocol = TLSv1.0 (just in case), although
I think this setting is only for client programs like Curl. But seeing
that config I tend to think that Buster may have other tweaks against
older protocols like TLSv1.{0,1} and one of them may be impacting my setup.
Cheers,
-r
