CSF + Dovecot + cipber_list
Posted: 20 Apr 2017, 17:46
Always after patching Dovecot CSF gives:
Cipher list []. Due to weaknesses in the SSLv2 cipher you should /etc/dovecot.conf and set ssl_cipher_list to explicitly exclude it. For example:
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
This ssl_cipher_list parameter is set in /usr/local/directadmin/custombuild/custom/dovecot/conf/ssl.conf
And via build dovecot finally also in /etc/dovecot/conf/ssl.conf
This alert in CSF only disappears when the cipher_list is set directly in alle /etc/dovecot.conf staat, en not in a include.
Is there an option to adjust the check to also checking the includes in /etc/dovecot.conf?
Cipher list []. Due to weaknesses in the SSLv2 cipher you should /etc/dovecot.conf and set ssl_cipher_list to explicitly exclude it. For example:
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
This ssl_cipher_list parameter is set in /usr/local/directadmin/custombuild/custom/dovecot/conf/ssl.conf
And via build dovecot finally also in /etc/dovecot/conf/ssl.conf
This alert in CSF only disappears when the cipher_list is set directly in alle /etc/dovecot.conf staat, en not in a include.
Is there an option to adjust the check to also checking the includes in /etc/dovecot.conf?