Disable SSL v2 in imap

EWD

Well-Known Member
PartnerNOC
Aug 19, 2003
165
0
166
NY
Hi Guys,

To disable SSL v2 in Apache you add "SSLProtocol all -SSLv2" to httpd.conf.

How do I go about doing the same for IMAP?

We have installed an SSL certificate to IMAP via WHM and now customers running PCI scanning (like scanalert, hackerguardian, etc...) are getting flagged because SSL v2 is enabled on port 993.

Anyone have any ideas?

Thanks in advance for any help.
 

EWD

Hey Conor, fancy meeting you here ;)

That is the exact issue I am having :/
 

EWD

Heh,

In "WHM > Service Configuration > Courier Configuration" you can:

- Only permit SSLv2 connections
- Permit SSL v2 or v3 connections and TLSv1 connections
- Only permit TLSv1 Connections

But why would cPanel not add the option to only permit SSLv3?
Just weird.

I guess we can select "Only permit TLSv1 Connections" ??
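
One way to confirm on disk which of the Courier options listed above is in effect, as an added example that is not part of the original posts. It assumes Courier's imapd-ssl file uses shell-style KEY=value lines and the TLS_PROTOCOL values from Courier's stock config comments (SSL2, SSL3, SSL23, TLS1); the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Courier imapd-ssl style config for SSLv2 exposure.
# Checks SSLv2 only (the finding in this thread), not later protocol issues.

# Print the last uncommented value assigned to KEY ($1) in the config on stdin.
effective_setting() {
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" | tail -n 1
}

# Classify a TLS_PROTOCOL value (assumed Courier values, see lead-in).
classify_protocol() {
    case "$1" in
        SSL2|SSL23) echo "SSLV2_ENABLED" ;;   # SSLv2 only, or v2/v3/TLSv1 negotiation
        SSL3|TLS1)  echo "SSLV2_DISABLED" ;;  # SSLv2 cannot be negotiated
        *)          echo "UNKNOWN" ;;         # unset or unrecognised: verify manually
    esac
}

# Audit the config on stdin; prints "<verdict> TLS_PROTOCOL=<value>".
audit_imapd_ssl() {
    value=$(effective_setting TLS_PROTOCOL)
    echo "$(classify_protocol "$value") TLS_PROTOCOL=${value:-unset}"
}

# Constructed sample: assumed to match "Permit SSL v2 or v3 and TLSv1".
sample_before() {
    cat <<'EOF'
# imapd-ssl (constructed sample)
SSLPORT=993
#TLS_PROTOCOL=TLS1
TLS_PROTOCOL=SSL23
EOF
}

# Constructed sample: assumed to match "Only permit TLSv1 Connections".
sample_after() {
    cat <<'EOF'
SSLPORT=993
TLS_PROTOCOL="TLS1"
EOF
}

# On a server: audit_imapd_ssl < /path/to/imapd-ssl   (placeholder path)
sample_before | audit_imapd_ssl
sample_after  | audit_imapd_ssl
```

A commented-out line does not count, so the `#TLS_PROTOCOL=TLS1` line in the first sample is ignored and the later `SSL23` assignment is reported.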
 

SageBrian

Well-Known Member
Jun 1, 2002
413
2
318
NY/CT (US)
cPanel Access Level
Root Administrator
It seems the proper way cPanel should word their config screen is:

- Permit SSLv2 or less
- Permit SSLv3
- Permit TLSv1

Then we can decide which to enable.

Brian