Check dovecot weak SSL/TLS

Musicfreak

Verified User
Joined
Mar 14, 2017
Messages
42
Location
Netherlands
in my ConfigServer Security & Firewall - csf

it says

Code:
Mail Check
Check dovecot weak SSL/TLS Ciphers (ssl_cipher_list)
Cipher list []. Due to weaknesses in the SSLv2 cipher you should /etc/dovecot.conf and set ssl_cipher_list to explicitly exclude it. For example:
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

i have added to my /etc/dovecot/conf/ssl.conf

Code:
ssl_min_protocol = TLSv1.1
ssl_cipher_list = ALL:!DSS:!DES-CBC3:!RC4:!ADH:-SSLv2:-SSLv3:-TLSv1:-EXP:-LOW:-MEDIUM:+HIGH:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:AES128-SHA:AES256-SHA

i restarted dovecot but it still givs that check dovecot weak SSL/TLS ciphers
 
Back
Top