I’m on a roll this week: shortly after hitting a wall and posting to the forums, I figure it out.
There are two ways to achieve this.
1. Edit the /etc/courier/imapd-ssl and /etc/courier/pop3d-ssl lines to the above. I’ve tested using “openssl s_client -connect mail.myserver.com:995 -tls1” and was not able to connect after making this change.
2. Edit the ciphers to block this: “…:!TLSv1:!TLSv1.1”
But making the cipher change directly on the file did work.
I imagine out of the 2 above, it makes more sense to go with option 1 since you aren’t even enabling that as an option to start with, but option 2 is nice (once the bug is fixed) because it can be done through NodeWorx and not manual editing of config file.
I’m sorry, it’s late here, but to answer your question, yes, TLS 1 through to 1.2 should work. Certainly on CentOS 6.8 it does.
By restricting TLS, you are effectively reducing the number of email servers which could connect/your server could connect to…
I’m not sure about CentOS 7, sorry, as I do not use CentOS 7 in production.
You can set the ciphers directly from my post shown in mods, for .sh changes (sorry, it’s late and I cannot remember the term), and if you change any ciphers independently, could stop Apache/quail from restarting, due to differences.
I’ll pick this up tomorrow at some point if alright, when thinking clearer after a couple of beers.
Hope that’s alright, but you’re definitely on fire… kudos to you.