CSF + Dovecot + cipber_list

1 post Page 1 of 1
MauriceO
Junior Member
Posts: 1
Joined: 20 Apr 2017, 17:40


Always after patching Dovecot CSF gives:

Cipher list []. Due to weaknesses in the SSLv2 cipher you should /etc/dovecot.conf and set ssl_cipher_list to explicitly exclude it. For example:
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

This ssl_cipher_list parameter is set in /usr/local/directadmin/custombuild/custom/dovecot/conf/ssl.conf
And via build dovecot finally also in /etc/dovecot/conf/ssl.conf

This alert in CSF only disappears when the cipher_list is set directly in alle /etc/dovecot.conf staat, en not in a include.

Is there an option to adjust the check to also checking the includes in /etc/dovecot.conf?
1 post Page 1 of 1