LinuxQuestions.org
Old 07-04-2008, 04:18 AM   #1
i_nomad
Member
 
Registered: Mar 2008
Distribution: RedHatES4
Posts: 144

Rep: Reputation: 15
How to upgrade IMAP SSLv2 to v3


Hi Guys

A port scan of port 993 shows that my IMAP server is running the port through SSL v2. How do I upgrade this to SSL v3, and will this impact existing settings?

imapd.conf reads:

hashimapspool: 1
sasl_mech_list: PLAIN
configdirectory: /var/lib/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sasl_pwcheck_method: saslauthd
tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
autocreatequota_units: 1048576
sendmail: /usr/sbin/sendmail
partition-default: /var/spool/imap
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem

How do I configure IMAP to use TLS or SSLv3 and disable sslv2?



Regards

Last edited by i_nomad; 07-04-2008 at 04:42 AM.
 
Old 07-04-2008, 06:26 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,118
Blog Entries: 54

Rep: Reputation: 2785
Look at the "tls_cipher_list" settings in your imapd.conf?
 
Old 07-04-2008, 06:56 AM   #3
i_nomad
Member
 
Registered: Mar 2008
Distribution: RedHatES4
Posts: 144

Original Poster
Rep: Reputation: 15
I copied over some other keys I am using and pointed in the file.

hashimapspool: 1
sasl_mech_list: PLAIN
configdirectory: /var/lib/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sasl_pwcheck_method: saslauthd
tls_ca_file: /var/lib/imap/cacert.pem
tls_key_file: /var/lib/imap/newreq.pem
autocreatequota_units: 1048576
sendmail: /usr/sbin/sendmail
partition-default: /var/spool/imap
tls_cert_file: /var/lib/imap/newcert.pem
tls_cipher_list: TLSv1:SSLv3:!DES:!HIGH:@STRENGTH

I have connected via openssl to the host on 993 and it shows TLS is being used. Someone did a port scan on 993 and the sslv2 shows as a vulnerability. I am a bit confused since the config points to tls and sslv3 being used.

Is there a way to prevent the ssl cipher presenting itself? Can I disable via openssl?
Any ideas?
 
Old 07-04-2008, 07:34 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,118
Blog Entries: 54

Rep: Reputation: 2785
IIRC you could block it explicitly by adding ":!SSLv2:". Spose it needs a restart to show. Completely disabling SSL could lead to MUA compatibility problems.
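
The following is an added example, not code from the thread or from the Cyrus project: a small Python check that reads tls_cipher_list from imapd.conf text and reports whether its tokens could still select SSLv2 cipher suites, and whether "!SSLv2" is present. The BROAD keyword set, the DEFAULT fallback when the option is unset, and the sample configs are assumptions constructed for illustration; it inspects tokens only and does not evaluate the string the way OpenSSL does.

```python
import re

# Constructed samples modelled on the two imapd.conf excerpts in the thread.
FIRST_CONF = "sasl_mech_list: PLAIN\ntls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem\n"
SECOND_CONF = FIRST_CONF + "tls_cipher_list: TLSv1:SSLv3:!DES:!HIGH:@STRENGTH\n"

# Assumption: class keywords that can match SSLv2 suites when the local
# OpenSSL build still ships them (this depends on the OpenSSL version).
BROAD = {"ALL", "DEFAULT", "HIGH", "MEDIUM", "LOW", "EXP", "EXPORT", "SSLV2"}


def read_option(conf_text, key):
    """Return the last 'key: value' setting in imapd.conf text, or None."""
    value = None
    for line in conf_text.splitlines():
        name, sep, rest = line.strip().partition(":")
        if sep and not name.startswith("#") and name.strip().lower() == key:
            value = rest.strip()
    return value


def audit_cipher_list(conf_text):
    """Heuristic token-level audit of tls_cipher_list (not an OpenSSL evaluator)."""
    raw = read_option(conf_text, "tls_cipher_list")
    warnings = []
    if raw is None:
        warnings.append("tls_cipher_list unset; assuming the DEFAULT cipher string")
        raw = "DEFAULT"
    tokens = [t.upper() for t in re.split(r"[:, ]+", raw) if t]
    killed = {t[1:] for t in tokens if t.startswith("!")}   # '!' = permanent removal
    selectors = [t for t in tokens if t[0] not in "!-+@"]    # tokens that add suites
    # 'A+B' is an intersection: it can match SSLv2 suites only if every part can.
    risky = [s for s in selectors if all(p in BROAD for p in s.split("+"))]
    if "SSLV2" in killed:
        sslv2 = "excluded"
    elif risky:
        sslv2 = "possible"
        warnings.append("add !SSLv2: %s may pull in SSLv2 suites" % ", ".join(risky))
    else:
        sslv2 = "not-selected"
    if "HIGH" in killed:
        warnings.append("!HIGH removes the strongest cipher class")
    return {"sslv2": sslv2, "warnings": warnings}


if __name__ == "__main__":
    for label, conf in (("first post", FIRST_CONF), ("second post", SECOND_CONF)):
        print(label, audit_cipher_list(conf))
```

A "not-selected" result means no listed keyword matches SSLv2 suites; "excluded" means the list carries "!SSLv2", which stays in force even if a broad keyword is added later.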
 
  

