support for starttls

dtk d.t.k at gmx.de
Thu Apr 7 00:39:02 BST 2011


Hey Sebastian,

On Wed, Apr 06, 2011 at 12:12:05PM +0200, Sebastian Spaeth wrote:
> On Tue, 05 Apr 2011 23:26:33 +0200, dtk <d.t.k at gmx.de> wrote:
>
> >     self._sslobj.do_handshake()
> > SSLError: [Errno 1] _ssl.c:490: error:1408F10B:SSL
> > routines:SSL3_GET_RECORD:wrong version number
>
> Could it be that the server only supports SSLv2 (which is insecure) or
> so?
I can't tell for sure, but I hope not:

[bash]
$ ps -ef | grep dovecot
root       422     1  0 Mar03 ?        00:02:00 /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
  [...]
$ cat /etc/dovecot/dovecot.conf | grep ssl_cipher_list
#ssl_cipher_list = ALL:!LOW:!SSLv2
$ /usr/sbin/dovecot --version
1.2.9
$
[/bash]

The line defining the allowed ciphers is commented out, but assuming the preset
value is used as a default, SSLv2 would be forbidden.

Additionally the Dovecot v1.x documentation states[0]:
"SSLv3 is still allowed by Dovecot, but it's rarely used. [...] TLS (Transport
Layer Security) replaced the SSL protocol. TLSv1 protocol is used practically
always nowadays."
Doesn't exactly sound like they would use 'SSLv2 only', or
does it? :/

dtk


__________
[0] http://wiki1.dovecot.org/SSL
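
Added example, not part of the original message or of OfflineIMAP: one way to separate an "SSLv2 only" server from a port that greets in cleartext (as a STARTTLS port does) is to classify the first bytes the server sends. OpenSSL raises "wrong version number" when the record version bytes it reads are not 3.x. Which case applies here is an assumption the thread does not confirm, and the function names and sample bytes below are constructed for illustration.

```python
import struct

# TLS record content types and the record-layer versions in use in 2011.
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
TLS_VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
SSL2_MSG = {0: "ERROR", 4: "SERVER-HELLO"}


def record_header(data):
    """Read 5 bytes the way a TLS record parser does: type, (major, minor), length."""
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length


def classify_first_bytes(data):
    """Return (kind, detail) for the first bytes received from the server."""
    if len(data) < 5:
        return "too-short", "need at least 5 bytes"
    # A STARTTLS port greets in cleartext before any TLS is negotiated.
    if data.startswith((b"* OK", b"* PREAUTH", b"* BYE")):
        _, version, _ = record_header(data)
        line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return "plaintext-imap", "%r parsed as TLS gives version %d.%d" % ((line,) + version)
    ctype, version, length = record_header(data)
    if ctype in TLS_TYPES and version in TLS_VERSIONS:
        return "tls-record", "%s over %s, %d bytes" % (TLS_TYPES[ctype], TLS_VERSIONS[version], length)
    # SSLv2 uses a 2-byte length with the high bit set, then a message type.
    if data[0] & 0x80 and data[2] in SSL2_MSG:
        return "sslv2-record", SSL2_MSG[data[2]]
    return "unknown", data[:5].hex()


# Constructed sample inputs (not captured from the server in this thread).
SAMPLES = {
    "imap greeting": b"* OK Dovecot ready.\r\n",
    "tls server hello": b"\x16\x03\x01\x00\x4a\x02\x00\x00\x46",
    "sslv2 server hello": b"\x80\x1c\x04\x00\x01\x00\x02",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print("%-20s %s: %s" % (name, *classify_first_bytes(data)))
```

A "plaintext-imap" result means the TLS handshake has to start after the STARTTLS command rather than directly on connect; "sslv2-record" is the only result that would support the SSLv2-only theory.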



