Disable SSLv2 and SSLv3 in a default imapd.conf file
Ondřej Surý
9 years ago
260 | 260 | # from the list (because they provide no defense against man-in-the-middle |
261 | 261 | # attacks). It also orders the list so that stronger ciphers come first. |
262 | 262 | tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH |
263 | ||
264 | # A list of SSL/TLS versions to not disable. Cyrus IMAP SSL/TLS starts | |
265 | # with all protocols, and substracts protocols not in this list. Newer | |
266 | # versions of SSL/TLS will need to be added here to allow them to get | |
267 | # disabled. */ | |
268 | tls_versions: tls1_0 tls1_1 tls1_2 | |
263 | 269 | |
264 | 270 | # Require a client certificate for ALL services (imap, pop3, lmtp, sieve). |
265 | 271 | #tls_require_cert: false |