Bug 235035 - RHEL dovecot does not support the ssl_cipher_list config option
Summary: RHEL dovecot does not support the ssl_cipher_list config option
Keywords:
Status: CLOSED DUPLICATE of bug 252031
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: dovecot
Version: 4.4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Tomas Janousek
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-04-03 14:39 UTC by Chris Stankaitis
Modified: 2007-11-17 01:14 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-08-13 20:25:19 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Chris Stankaitis 2007-04-03 14:39:55 UTC
Description of problem:

For compliance reasons we need to stop all SSL/TLS devices from allowing low
encryption cipher negotiation.  Currently dovecot is throwing up a red-flag in
our scans by allowing low ciphers.  There is a config option as listed at:

http://wiki.dovecot.org/MainConfig

Under the "SSL Settings" which lists the following config option:

ssl_cipher_list = ALL:!LOW

placing this option the the /etc/dovecot config results in dovecot not being
able to start and throwing an error regarding that config line:

Starting Dovecot Imap: Fatal: Error in configuration file /etc/dovecot.conf line
34: Unknown setting: ssl_cipher_list


Version-Release number of selected component (if applicable):

dovecot-0.99.11-4.EL4.i386

Comment 1 Tomas Janousek 2007-04-04 16:26:53 UTC
This config option was added during the development of the 1.0 branch. I'd have
to backport it.

I'm not sure if we can include this feature addition in a RHEL minor update.
It's present in RHEL5 though.

Comment 2 Chris Stankaitis 2007-04-04 18:03:15 UTC
Thanks for the quick update, I hope they'll let you backport the feature in U6,
with more and more enterprises having to go through regular security
certification the addition of this feature to RHEL4 would make a lot of people
happy IMHO.

Comment 3 Tomas Janousek 2007-08-13 20:25:19 UTC

*** This bug has been marked as a duplicate of 252031 ***


Note You need to log in before you can comment on or make changes to this bug.