Red Hat Bugzilla – Bug 235035
RHEL dovecot does not support the ssl_cipher_list config option
Last modified: 2007-11-16 20:14:55 EST
Description of problem: For compliance reasons we need to stop all SSL/TLS devices from allowing low encryption cipher negotiation. Currently dovecot is throwing up a red-flag in our scans by allowing low ciphers. There is a config option as listed at: http://wiki.dovecot.org/MainConfig Under the "SSL Settings" which lists the following config option: ssl_cipher_list = ALL:!LOW placing this option the the /etc/dovecot config results in dovecot not being able to start and throwing an error regarding that config line: Starting Dovecot Imap: Fatal: Error in configuration file /etc/dovecot.conf line 34: Unknown setting: ssl_cipher_list Version-Release number of selected component (if applicable): dovecot-0.99.11-4.EL4.i386
This config option was added during the development of the 1.0 branch. I'd have to backport it. I'm not sure if we can include this feature addition in a RHEL minor update. It's present in RHEL5 though.
Thanks for the quick update, I hope they'll let you backport the feature in U6, with more and more enterprises having to go through regular security certification the addition of this feature to RHEL4 would make a lot of people happy IMHO.
*** This bug has been marked as a duplicate of 252031 ***