Bug 235035 - RHEL dovecot does not support the ssl_cipher_list config option
RHEL dovecot does not support the ssl_cipher_list config option
Status: CLOSED DUPLICATE of bug 252031
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: dovecot (Show other bugs)
4.4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Janousek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-04-03 10:39 EDT by Chris Stankaitis
Modified: 2007-11-16 20:14 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-13 16:25:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chris Stankaitis 2007-04-03 10:39:55 EDT
Description of problem:

For compliance reasons we need to stop all SSL/TLS devices from allowing low
encryption cipher negotiation.  Currently dovecot is throwing up a red-flag in
our scans by allowing low ciphers.  There is a config option as listed at:

http://wiki.dovecot.org/MainConfig

Under the "SSL Settings" which lists the following config option:

ssl_cipher_list = ALL:!LOW

placing this option the the /etc/dovecot config results in dovecot not being
able to start and throwing an error regarding that config line:

Starting Dovecot Imap: Fatal: Error in configuration file /etc/dovecot.conf line
34: Unknown setting: ssl_cipher_list


Version-Release number of selected component (if applicable):

dovecot-0.99.11-4.EL4.i386
Comment 1 Tomas Janousek 2007-04-04 12:26:53 EDT
This config option was added during the development of the 1.0 branch. I'd have
to backport it.

I'm not sure if we can include this feature addition in a RHEL minor update.
It's present in RHEL5 though.
Comment 2 Chris Stankaitis 2007-04-04 14:03:15 EDT
Thanks for the quick update, I hope they'll let you backport the feature in U6,
with more and more enterprises having to go through regular security
certification the addition of this feature to RHEL4 would make a lot of people
happy IMHO.
Comment 3 Tomas Janousek 2007-08-13 16:25:19 EDT

*** This bug has been marked as a duplicate of 252031 ***

Note You need to log in before you can comment on or make changes to this bug.