Am 29.07.2018 um 21:02 schrieb J Doe:
Hello,I have a question regarding SSL/TLS settings for Dovecot version 2.2.22. In: 10-ssl.conf there are two parameters: ssl_protocols ssl_cipher_list ssl_protocols is commented with “SSL protocol to use” and ssl_cipher_list is commented with “SSL ciphers to use”. If I want to disable SSLv3, for example, do I need to use both parameters or will disabling SSLv3 ciphers in ssl_cipher_list do the same thing ? So is: ssl_cipher_list = !SSLv3 …equivalent to: ssl_protocols = !SSLv3 ssl_cipher_list = !SSLv3
No. SSLv3 is not a cipher but a protocol. "ssl_protocols = !SSLv2 !SSLv3" is what you want to specify. For ciphers you could define by ssl_cipher_list see "openssl ciphers -v"
Thanks, - J
Alexander
