Hi Guys

A port scan of port 993 shows that my IMAP server is running the port through SSL v2. How do I upgrade this to SSL v3 and will this impact on existing settings.

imapd.conf reads:

hashimapspool: 1
sasl_mech_list: PLAIN
configdirectory: /var/lib/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sasl_pwcheck_method: saslauthd
tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
autocreatequota_units: 1048576
sendmail: /usr/sbin/sendmail
partition-default: /var/spool/imap
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem

How do I configure IMAP to use TLS or SSLv3 and disable sslv2?



Regards

Look at the "tls_cipher_list" settings in your imapd.conf?

I copied over some other keys I am using and pointed in the file.

hashimapspool: 1
sasl_mech_list: PLAIN
configdirectory: /var/lib/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sasl_pwcheck_method: saslauthd
tls_ca_file: /var/lib/imap/cacert.pem
tls_key_file: /var/lib/imap/newreq.pem
autocreatequota_units: 1048576
sendmail: /usr/sbin/sendmail
partition-default: /var/spool/imap
tls_cert_file: /var/lib/imap/newcert.pem
tls_cipher_list: TLSv1:SSLv3:!DES:!HIGH:@STRENGTH

I have connected via openssl to the host on 993 and it shows TLS is being used. Someone did a port scan on 993 and the sslv2 shows as a vulnerabilty. I am a bit confused since the config points to tls and sslv3 being used.

Is there a way to prevent the ssl cipher presenting itseld. Can I disable via openssl?
Any ideas?

IIRC you could block explicitly adding ":!SSLv2:". Spose it needs a restart to show. Completely disabling SSL could lead to MUA compatibility problems.