[Bug 1836180] Re: TLS1.2 and newer not available in dovecot
Andreas Hasenack
andreas at canonical.com
Wed Jul 17 20:16:18 UTC 2019
With or without this line in /etc/dovecot/conf.d/10-ssl.conf, openssl s_client -connect localhost:993 uses TLSv1.3:
ssl_protocols = !SSLv2 !SSLv3
Could you perhaps "grep ssl -r /etc/dovecot" and see if it's being
changed elsewhere? And perhaps paste this if you can (in terms of
sanitization):
# cat conf.d/10-ssl.conf |grep -vE "^(#|$)"
ssl = yes
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.key
ssl_client_ca_dir = /etc/ssl/certs
ssl_protocols = !SSLv2 !SSLv3
Sometimes a cipher list selection (ssl_cipher_list) can change which
protocols are offered.
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to dovecot in Ubuntu.
https://bugs.launchpad.net/bugs/1836180
Title:
TLS1.2 and newer not available in dovecot
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1836180/+subscriptions
More information about the Ubuntu-server-bugs
mailing list