Disable SSLv2 ?
Wesley Alan Wright
waw+cyrus at uvm.edu
Mon Oct 27 22:35:33 EDT 2008
Using cyrus-imapd-2.2.12-9.RHEL4.i386 and cyrus-sasl-2.1.19-14.i386,
trying to disable SSLv2 to satisfy silly PCI (Purchase Card Industry)
requirements yet keep ports 993 and 995 open. Tried 37 different
variations of tls_cipher_list including draconian
tls_cipher_list: -ALL:+HIGH:-SSLv2m yet
openssl s_client -ssl2 -connect localhost:993
Still yields
SSL handshake has read 987 bytes and written 239 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
SSL-Session:
Protocol : SSLv2
Cipher : DES-CBC3-MD5
I'm beginning to think it can't be done?
-----------------
So I try to rebuild imapd from most current sources. Thinking about --
but haven't yet -- hacking tls.c . Builds just fine, but now
openssl s_client -ssl2 -connect localhost:993
yields
CONNECTED(00000003)
write:errno=104
Why for?
--------------------
I would consider switching to courier, but I have no desire to convert
all my users' mailbox formats...
-----------------------------------------------------------------------
| Wesley Alan Wright <mailto:Wesley.Wright at uvm.edu> |
| Academic Computing Services __0__ |
| Room 407 Lafayette Building / \ | \ |
| University of Vermont \77 |
| Burlington, Vermont 05405-0160 USA. \\ http://www.uvm.edu/skivt-l |
| Voice:802-656-1254 FAX:802-???-???? vv |
| aim:goim?screenname=maddogskideath http://www.uvm.edu/~waw/ |
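Added example (not part of the original post): a shell helper that turns the output of the openssl s_client -ssl2 probe used above into a verdict, run here on two constructed samples copied from the outputs quoted in the post. It assumes Linux, where errno 104 is ECONNRESET, and treats a reset during the SSLv2 hello as a refusal; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify captured output of
#   openssl s_client -ssl2 -connect HOST:PORT
# Reads the output on stdin and prints: accepted | refused | unknown

classify_sslv2_probe() {
    out=$(cat)
    # A completed handshake lists the negotiated protocol under SSL-Session.
    if printf '%s\n' "$out" |
        grep -Eq '^[[:space:]]*Protocol[[:space:]]*:[[:space:]]*SSLv2[[:space:]]*$'; then
        echo accepted
    # Assumption: Linux, where errno 104 is ECONNRESET, i.e. the server
    # dropped the connection instead of answering the SSLv2 hello.
    elif printf '%s\n' "$out" | grep -Eq 'write:errno=104|handshake failure'; then
        echo refused
    else
        echo unknown
    fi
}

# Live probe of HOST:PORT; needs an openssl build that still offers -ssl2.
probe_sslv2() {
    openssl s_client -ssl2 -connect "$1" </dev/null 2>&1 | classify_sslv2_probe
}

# Constructed sample: the handshake output quoted in the post.
sample_accepted() {
    cat <<'EOF'
SSL handshake has read 987 bytes and written 239 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
SSL-Session:
Protocol : SSLv2
Cipher : DES-CBC3-MD5
EOF
}

# Constructed sample: the output quoted after the rebuild.
sample_reset() {
    cat <<'EOF'
CONNECTED(00000003)
write:errno=104
EOF
}

echo "packaged build: $(sample_accepted | classify_sslv2_probe)"
echo "rebuilt imapd:  $(sample_reset | classify_sslv2_probe)"
```

A reset can have other causes than a protocol refusal, so a "refused" verdict is worth confirming against the server log and with a TLS connection to the same port.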