diff -u dovecot-1.0.15/debian/dovecot-common.postinst dovecot-1.0.15/debian/dovecot-common.postinst --- dovecot-1.0.15/debian/dovecot-common.postinst +++ dovecot-1.0.15/debian/dovecot-common.postinst @@ -14,6 +14,11 @@ fi done + # On new installs, remove support for SSLv2 + if [ -z "$2" ]; then + sed -i -e "s/\#ssl_cipher_list = ALL\:\!LOW/ssl_cipher_list = ALL\:\!LOW\:\!SSLv2/" /etc/dovecot/dovecot.conf + fi + if [ -n "`id -u imapd 2> /dev/null`" ]; then /usr/sbin/deluser imapd || true /usr/sbin/delgroup imapd || true diff -u dovecot-1.0.15/debian/dovecot-common.README.Debian dovecot-1.0.15/debian/dovecot-common.README.Debian --- dovecot-1.0.15/debian/dovecot-common.README.Debian +++ dovecot-1.0.15/debian/dovecot-common.README.Debian @@ -437,6 +437,15 @@ It needs to be added into protocols line in configuration file. +17. How to enable support for SSLv2? + +New installation of Ubuntu's version of dovecot doesn't support SSLv2 by +default. This is for security reasons. If you require support for SSLv2, +it would be better to upgrade your clients, than enable SSLv2 in dovecot. + +SSLv2 can be enabled by commenting out ssl_cipher_list in +/etc/dovecot/dovecot.conf. We strongly recommend leaving SSLv2 disabled. + Troubleshooting --------------- diff -u dovecot-1.0.15/debian/changelog dovecot-1.0.15/debian/changelog --- dovecot-1.0.15/debian/changelog +++ dovecot-1.0.15/debian/changelog @@ -1,3 +1,13 @@ +dovecot (1:1.0.15-1ubuntu2) intrepid; urgency=low + + * debian/dovecot-common.postinst: + - disable SSLv2 on new installations in /etc/dovecot/dovecot.conf + * debian/dovecot-common.README.Debian: + - add 'howto' for enabling SSLv2 support in Question and Answers + chapter + + -- Ante Karamatic Mon, 21 Jul 2008 00:48:49 +0200 + dovecot (1:1.0.15-1ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: