TLSv1.0
James B. Byrne
byrnejb at harte-lyne.ca
Fri Nov 23 15:08:37 EST 2018
We have been informed that our mail server may no longer employ
TLSv1.0. Only TLSv1.1 and higher are now approved. I attempted to
implement this with the following change to imapd.conf:
tls_versions: tls1_2 tls1_3
However restarting imapd does not seem to eliminate TLSv1.0.
# sslscan 216.185.71.17:993
Version: 1.11.11
OpenSSL 1.0.2-chacha (1.0.2k-dev)
Connected to 216.185.71.17
Testing SSL server 216.185.71.17 on port 993 using SNI name 216.185.71.17
TLS Fallback SCSV:
Server supports TLS Fallback SCSV
TLS renegotiation:
Session renegotiation not supported
TLS Compression:
Compression disabled
Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed <<===
Supported Server Cipher(s):
How do I eliminate TLSv1.0?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
More information about the Info-cyrus
mailing list