Always after patching Dovecot CSF gives:
Cipher list []. Due to weaknesses in the SSLv2 cipher you should /etc/dovecot.conf and set ssl_cipher_list to explicitly exclude it. For example:
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
This ssl_cipher_list parameter is set in /usr/local/directadmin/custombuild/custom/dovecot/conf/ssl.conf
And via build dovecot finally also in /etc/dovecot/conf/ssl.conf
This alert in CSF only disappears when the cipher_list is set directly in alle /etc/dovecot.conf staat, en not in a include.
Is there an option to adjust the check to also checking the includes in /etc/dovecot.conf?
CSF + Dovecot + cipber_list
Re: CSF + Dovecot + cipber_list
Too old to answer but still a valid question as today.
You can ignore the message because csf/ldf only check:
/etc/my.cnf and /etc/dovecot.conf, etc.
see this: http://forum.directadmin.com/showthread.php?t=55828
You can ignore the message because csf/ldf only check:
/etc/my.cnf and /etc/dovecot.conf, etc.
see this: http://forum.directadmin.com/showthread.php?t=55828
Re: CSF + Dovecot + cipber_list
Another way is to use directadmin dovecot config file which contains the SSL Chiper (v.2.0.1 is the latest)
1)
2) Restart dovecot:
1)
Code: Select all
wget -O /etc/dovecot.conf http://files.directadmin.com/services/custombuild/dovecot.conf.2.0.1
Code: Select all
systemctl restart dovecot