
CSF + Dovecot + cipher_list

Posted: 20 Apr 2017, 17:46
by MauriceO
Always after patching Dovecot CSF gives:

Cipher list []. Due to weaknesses in the SSLv2 cipher you should /etc/dovecot.conf and set ssl_cipher_list to explicitly exclude it. For example:
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

This ssl_cipher_list parameter is set in /usr/local/directadmin/custombuild/custom/dovecot/conf/ssl.conf
And via build dovecot finally also in /etc/dovecot/conf/ssl.conf

This alert in CSF only disappears when the cipher_list is set directly in /etc/dovecot.conf, and not in an include.

Is there an option to adjust the check to also check the includes in /etc/dovecot.conf?

Re: CSF + Dovecot + cipher_list

Posted: 28 Oct 2019, 03:56
by MaXi32
Too old to answer but still a valid question as of today.

You can ignore the message because csf/lfd only checks:

/etc/my.cnf and /etc/dovecot.conf, etc.

see this: http://forum.directadmin.com/showthread.php?t=55828
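To confirm where the setting actually lives before ignoring the alert, the following added example (not part of the thread and not CSF's code) walks a Dovecot config and follows `!include` / `!include_try` lines to list every `ssl_cipher_list` assignment. The names `find_cipher_list` and `demo` are hypothetical, the directory layout in `demo` is constructed, and the parser is simplified (it ignores section nesting).

```python
import glob
import os
import re
import tempfile

SETTING = re.compile(r"^\s*ssl_cipher_list\s*=\s*(.*?)\s*$")
INCLUDE = re.compile(r"^\s*!(include|include_try)\s+(\S+)")


def find_cipher_list(path, seen=None):
    """Return [(file, value), ...] for each ssl_cipher_list assignment, in read order."""
    seen = set() if seen is None else seen
    real = os.path.realpath(path)
    if real in seen:  # guard against include loops
        return []
    seen.add(real)
    hits = []
    with open(real, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            line = line.split("#", 1)[0]  # simplified comment stripping
            m = SETTING.match(line)
            if m:
                hits.append((real, m.group(1)))
                continue
            m = INCLUDE.match(line)
            if m:  # include paths are relative to the including file
                pattern = os.path.join(os.path.dirname(real), m.group(2))
                for inc in sorted(glob.glob(pattern)):
                    hits += find_cipher_list(inc, seen)
    return hits


def demo():
    """Constructed layout like the thread's: the main file only includes."""
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "conf"))
        main = os.path.join(d, "dovecot.conf")
        with open(main, "w") as fh:
            fh.write("!include conf/*.conf\n!include_try conf/missing.conf\n")
        with open(os.path.join(d, "conf", "ssl.conf"), "w") as fh:
            fh.write("ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP\n")
        hits = find_cipher_list(main)
        main_only = [v for f, v in hits if f == os.path.realpath(main)]
        return main_only, [(os.path.basename(f), v) for f, v in hits]


if __name__ == "__main__":
    print(demo())
```

On a real server, call `find_cipher_list("/etc/dovecot.conf")`; an empty first list from `demo()` is the case where a check that reads only the main file reports nothing set.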

Re: CSF + Dovecot + cipher_list

Posted: 28 Oct 2019, 04:27
by MaXi32
Another way is to use the DirectAdmin Dovecot config file, which contains the SSL cipher (v.2.0.1 is the latest)

1)

wget -O /etc/dovecot.conf http://files.directadmin.com/services/custombuild/dovecot.conf.2.0.1

2) Restart dovecot:

systemctl restart dovecot