Disable SSLv2 and SSLv3 in a default imapd.conf file
Ondřej Surý
9 years ago
| 260 | 260 | # from the list (because they provide no defense against man-in-the-middle |
| 261 | 261 | # attacks). It also orders the list so that stronger ciphers come first. |
| 262 | 262 | tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH |
| 263 | ||
| 264 | # A list of SSL/TLS versions to not disable. Cyrus IMAP SSL/TLS starts | |
| 265 | # with all protocols, and substracts protocols not in this list. Newer | |
| 266 | # versions of SSL/TLS will need to be added here to allow them to get | |
| 267 | # disabled. */ | |
| 268 | tls_versions: tls1_0 tls1_1 tls1_2 | |
| 263 | 269 | |
| 264 | 270 | # Require a client certificate for ALL services (imap, pop3, lmtp, sieve). |
| 265 | 271 | #tls_require_cert: false |