Bug 235035 - RHEL dovecot does not support the ssl_cipher_list config option
Status: CLOSED DUPLICATE
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: dovecot
Version: 4.4
Hardware: All
OS: Linux
medium
medium
Assignee: Tomas Janousek
Reported: 2007-04-03 14:39 UTC by Chris Stankaitis
Modified: 2007-11-17 01:14 UTC (History)

Doc Type: Bug Fix
Last Closed: 2007-08-13 20:25:19 UTC

Description Chris Stankaitis 2007-04-03 14:39:55 UTC
Description of problem:

For compliance reasons we need to stop all SSL/TLS devices from allowing low
encryption cipher negotiation.  Currently dovecot is throwing up a red flag in
our scans by allowing low ciphers.  There is a config option as listed at:

http://wiki.dovecot.org/MainConfig

Under the "SSL Settings" which lists the following config option:

ssl_cipher_list = ALL:!LOW

Placing this option in the /etc/dovecot config results in dovecot not being
able to start and throwing an error regarding that config line:

Starting Dovecot Imap: Fatal: Error in configuration file /etc/dovecot.conf line
34: Unknown setting: ssl_cipher_list


Version-Release number of selected component (if applicable):

dovecot-0.99.11-4.EL4.i386
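
To see what the cipher string quoted in the description permits on a given host before a scan, the following added example (not part of the bug report and not dovecot code) reads the setting from a constructed sample config and expands it with the local OpenSSL through Python's ssl module. The sample file contents, the function names, the "last line wins" rule and the 112-bit threshold are assumptions, and the result reflects the OpenSSL build the interpreter links against, not the one shipped with RHEL 4.

```python
import re
import ssl

# Constructed sample config (not from the bug report); only the setting name
# and the value ALL:!LOW are taken from the report.
SAMPLE_CONF = """\
# dovecot.conf (constructed sample)
protocols = imap imaps
#ssl_cipher_list = ALL
ssl_cipher_list = ALL:!LOW
"""

SETTING_RE = re.compile(r"^\s*ssl_cipher_list\s*=\s*(\S.*?)\s*$")


def find_cipher_list(conf_text):
    """Return the uncommented ssl_cipher_list value, or None if it is unset.

    Assumption: if the setting appears more than once, the last line wins.
    """
    value = None
    for line in conf_text.splitlines():
        match = SETTING_RE.match(line)
        if match:
            value = match.group(1)
    return value


def expand(cipher_string):
    """Expand an OpenSSL cipher string using the local OpenSSL build."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def weak_ciphers(cipher_string, min_bits=112):
    """Names of enabled suites whose strength is below min_bits (assumed threshold)."""
    return sorted(c["name"] for c in expand(cipher_string)
                  if c["strength_bits"] < min_bits)


if __name__ == "__main__":
    value = find_cipher_list(SAMPLE_CONF)
    if value is None:
        print("ssl_cipher_list not set: the library default ciphers apply")
    else:
        print(f"{value!r} enables {len(expand(value))} suites on {ssl.OPENSSL_VERSION}")
        for name in weak_ciphers(value):
            print("below threshold:", name)
```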

Comment 1 Tomas Janousek 2007-04-04 16:26:53 UTC
This config option was added during the development of the 1.0 branch. I'd have
to backport it.

I'm not sure if we can include this feature addition in a RHEL minor update.
It's present in RHEL5 though.

Comment 2 Chris Stankaitis 2007-04-04 18:03:15 UTC
Thanks for the quick update. I hope they'll let you backport the feature in U6;
with more and more enterprises having to go through regular security
certification, the addition of this feature to RHEL4 would make a lot of people
happy IMHO.

Comment 3 Tomas Janousek 2007-08-13 20:25:19 UTC

*** This bug has been marked as a duplicate of 252031 ***

