How to prevent SSLv3/Poodle attack?
lst_hoe02 at kwsoft.de
Wed Oct 15 10:11:07 EDT 2014
Hello,

as of today a new exploit against SSL has been revealed which is a
protocol weakness of ancient SSLv3. The common advice is to disable
SSLv3, so the question is how to do this with Cyrus without doing too
much damage.

The first idea is of course to do something like

    tls_cipher_list: ALL:-SSLv3:-SSLv2

in imapd.conf.

But I wonder if this is the correct fix, because our default from
Ubuntu 12.04 looks like this:

    tls_cipher_list: TLSv1+HIGH:!aNull:@STRENGTH

Any comment on how to safely disable SSLv3?

Regards

Andreas