Linux System Administration and Security » Dovecot http://www.jasonbrown.us Tue, 31 Jan 2012 02:58:29 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Disable Weak Ciphers in Dovecot http://www.jasonbrown.us/2010/02/disable-weak-ciphers-in-dovecot/ http://www.jasonbrown.us/2010/02/disable-weak-ciphers-in-dovecot/#comments Mon, 15 Feb 2010 13:50:43 +0000 jason http://www.jasonbrown.us/?p=12 In running my periodic Nessus scans, it picked up a few medium severity vulnerabilities against Dovecot. One was “SSL Anonymous Cipher Suites Supported” and the other, “SSL Weak Cipher Suites Supported.”

Look in the Dovecot config file located in /etc/dovecot.conf under “SSL ciphers to use” and you will see:
ssl_cipher_list = ALL:!LOW:!MEDIUM

To disable these weak ciphers change this to:
ssl_cipher_list = ALL:!LOW:!MEDIUM:!MD5:!SSL2:!EXP-ADH-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-DES-CBC-SHA:!ADH-AES256-SHA:!ADH-AES128-SHA:!ADH-DES-CBC3-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!ADH-DES-CBC3-SHA

Run the Nessus scan again and those two vulnerabilities go away :-)

Post to Twitter

]]> http://www.jasonbrown.us/2010/02/disable-weak-ciphers-in-dovecot/feed/ 0