[Bug 1836180] Re: TLS1.2 and newer not available in dovecot

Andreas Hasenack andreas at canonical.com
Wed Jul 17 20:16:18 UTC 2019


With or without this line in /etc/dovecot/conf.d/10-ssl.conf, openssl s_client -connect localhost:993 uses TLSv1.3:
ssl_protocols = !SSLv2 !SSLv3

Could you perhaps "grep ssl -r /etc/dovecot" and see if it's being
changed elsewhere? And perhaps paste this if you can (in terms of
sanitization):

# cat conf.d/10-ssl.conf |grep -vE "^(#|$)"
ssl = yes
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.key
ssl_client_ca_dir = /etc/ssl/certs
ssl_protocols = !SSLv2 !SSLv3

Sometimes a cipher list selection (ssl_cipher_list) can change which
protocols are offered.

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to dovecot in Ubuntu.
https://bugs.launchpad.net/bugs/1836180

Title:
  TLS1.2 and newer not available in dovecot

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1836180/+subscriptions



More information about the Ubuntu-server-bugs mailing list