Hi Martin,
Am Dienstag, den 03.10.2017, 09:08 +0000 schrieb Hochreiter Martin:
Running a testssl check we have one threat left on the
tls port 143:
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS
threat
Is there any chance to close that in perdition.imap4s.conf?
I'm using 2.2 too and if I check my server on 993
openssl s_client -connect server:993 -CApath /etc/ssl/certs/
the result is fine:
--------
* OK [CAPABILITY IMAP4 IMAP4REV1] ...
R
RENEGOTIATING
[...]
verify return:1
read:errno=0
--------
Also testssl.sh comes to the same result:
Secure Client-Initiated Renegotiation not vulnerable (OK)
Ciao!