CSF + Dovecot + cipber_list

Post Reply
MauriceO
Junior Member
Posts: 2
Joined: 20 Apr 2017, 17:40

CSF + Dovecot + cipber_list

Post by MauriceO »

Always after patching Dovecot CSF gives:

Cipher list []. Due to weaknesses in the SSLv2 cipher you should /etc/dovecot.conf and set ssl_cipher_list to explicitly exclude it. For example:
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

This ssl_cipher_list parameter is set in /usr/local/directadmin/custombuild/custom/dovecot/conf/ssl.conf
And via build dovecot finally also in /etc/dovecot/conf/ssl.conf

This alert in CSF only disappears when the cipher_list is set directly in alle /etc/dovecot.conf staat, en not in a include.

Is there an option to adjust the check to also checking the includes in /etc/dovecot.conf?
MaXi32
Junior Member
Posts: 11
Joined: 13 Aug 2019, 03:26

Re: CSF + Dovecot + cipber_list

Post by MaXi32 »

Too old to answer but still a valid question as today.

You can ignore the message because csf/ldf only check:

/etc/my.cnf and /etc/dovecot.conf, etc.

see this: http://forum.directadmin.com/showthread.php?t=55828
MaXi32
Junior Member
Posts: 11
Joined: 13 Aug 2019, 03:26

Re: CSF + Dovecot + cipber_list

Post by MaXi32 »

Another way is to use directadmin dovecot config file which contains the SSL Chiper (v.2.0.1 is the latest)

1)

Code: Select all

wget -O /etc/dovecot.conf http://files.directadmin.com/services/custombuild/dovecot.conf.2.0.1
2) Restart dovecot:

Code: Select all

systemctl restart dovecot
Post Reply