Disable SSLv3 in Postfix, Dovecot


Disabling certain versions of SSL works like this in Postfix:

In your /etc/postfix/main.cf add or modify the following config parameter like so:


If you are using mandatory TLS you’ll want to set this instead:


These should be fairly self-explanatory, but for further detail read the Postfix configuration parameters documentation.

Do not forget to restart Postfix!


In dovecot, add the following to your configuration:

ssl_protocols = !SSLv2 !SSLv3

…and restart Dovecot. If you use a version of Dovecot older than 2.1, upgrade and then do the above.