A TLS/SSL connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages and will indicate that it also understands SSLv3 and TLSv1. A server will understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best choice when compatibility is a concern.
So I'd say the server should accept v2 Hellos and end the connection if v2 is the only protocol the client can talk.
However maybe adding "--dont-use-sslvX" arguments would be a nice feature enhancement for nagios plugins.
This is rather an issue of the IMAP daemon IMO.
from http:// openssl. org/docs/ ssl/SSL_ CTX_new. html: method( void), SSLv23_ server_ method( void), SSLv23_ client_ method( void)
SSLv23_
A TLS/SSL connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages and will indicate that it also understands SSLv3 and TLSv1. A server will understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best choice when compatibility is a concern.
So I'd say the server should accept v2 Hellos and end the connection if v2 is the only protocol the client can talk.
However maybe adding "--dont-use-sslvX" arguments would be a nice feature enhancement for nagios plugins.
Matthias