On Wed, 6 Jan 2021, Kenneth Porter wrote: > --On Tuesday, January 05, 2021 7:40 PM -0800 david <david at daku.org> wrote: > >> In examining the file >> /etc/dovecot/conf.d/10-ssl.conf >> I see the text line: >> ssl_cipher_list = PROFILE=SYSTEM >> >> Yet, I cannot find any documentation that explains what that causes, >> where the values are stored. I ask because I don't see that text line in >> other installations of Dovecot 2.3 on other distros. Can anyone point me >> to an explanation? > > The value of ssl_cipher_list is passed directly to OpenSSL's > SSL_CTX_set_cipher_list(): > > <https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_cipher_list.html> > > See here for the meaning of PROFILE=SYSTEM: > > <https://fedoraproject.org/wiki/Changes/CryptoPolicy#Scope> Additionally, on your local system, look at * the crypto-policies(7) man page * the update-crypto-policies(8) man page * the contents of the /etc/crypto-policies directory tree Several applications use these policies, so it's worthwhile to take a look around. -- Paul Heinlein heinlein at madboa.com 45°38' N, 122°6' W