You can disable SSLv2 in Courier by adding the following line to both /etc/courier-imap/imapd-ssl and /etc/courier-imap/pop3d-ssl:
1 |
TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH" |
After restarting Courier you should test with openssl to verify SSLv2 has been disabled properly:
1 |
openssl s_client -connect localhost:995 -ssl2 |
You can test that weak ciphers have been disabled with the following:
1 |
openssl s_client -connect localhost:995 -cipher EXP:LOW |