Am 05.01.2015 um 21:53 schrieb Yoshito Takeuchi:
I usedFreeBSD 10.1 Dovecot 2.2.15 I want pop3s, so I made /usr/local/etc/dovecot/local.conf ssl = yes ssl_cert = </usr/local/etc/dovecot/server.pem ssl_key = </usr/local/etc/dovecot/server.key ssl_ca = </usr/local/etc/dovecot/ca.pem ssl_protocols = !SSLv2 !SSLv3 ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLV3:!EXP:!aNULL:!RC4 It's work fine. But, change ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!RC4 ( SSLV3 -> SSLv3 ) I did trouble /var/log/maillog Jan 6 05:41:53 example dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS handshaking, session=<5e9 zuO0LVwB+PO8D> Is this bug ? or I did miss setting?
!SSLV3 was wrong and not recognized!SSLv3 is recognized but bullshit since you want to disable SSLv3 but not all ciphers which are still valid for newer TLS versions
you do that already correctly with "ssl_protocols"
signature.asc
Description: OpenPGP digital signature
