Fancy being in the Qualys list of worst recent server tested for SSL? Got a T rating (A being the target) mainly it’s due to the fact that I’m using self-signed certificates (no need to certify my authenticity toward myself), otherwise I’d get a C.
I fixed the following issues so now I get a A (ignoring self-signed):
It’s a good practice to get servers tested every now and then.
Update: for dovecot imap server edit /etc/dovecot/conf.d/10-ssl.conf and set
ssl_protocols = !SSLv3
# note: add also !SSLv2 if openssl < 1.1
For exim the relevant options should be added in your main conffile (depends on your setup, splitted or not, etc):
#openssl_options = +no_sslv2 +no_sslv3 # compiled with SSL
tls_require_ciphers = NORMAL:!VERS-SSL3.0