Red Hat Bugzilla – Bug 235035
RHEL dovecot does not support the ssl_cipher_list config option
Last modified: 2007-11-16 20:14:55 EST
Description of problem:
For compliance reasons we need to stop all SSL/TLS devices from allowing low
encryption cipher negotiation. Currently dovecot is throwing up a red-flag in
our scans by allowing low ciphers. There is a config option as listed at:
Under the "SSL Settings" which lists the following config option:
ssl_cipher_list = ALL:!LOW
placing this option the the /etc/dovecot config results in dovecot not being
able to start and throwing an error regarding that config line:
Starting Dovecot Imap: Fatal: Error in configuration file /etc/dovecot.conf line
34: Unknown setting: ssl_cipher_list
Version-Release number of selected component (if applicable):
This config option was added during the development of the 1.0 branch. I'd have
to backport it.
I'm not sure if we can include this feature addition in a RHEL minor update.
It's present in RHEL5 though.
Thanks for the quick update, I hope they'll let you backport the feature in U6,
with more and more enterprises having to go through regular security
certification the addition of this feature to RHEL4 would make a lot of people
*** This bug has been marked as a duplicate of 252031 ***