Cyrus IMAP 2.4.18 released
Hagedorn at uni-koeln.de
Tue Jul 7 08:42:14 EDT 2015
--On 6. Juli 2015 13:38:16 -0700 Andrew Morgan <morgan at orst.edu> wrote:
> On Mon, 6 Jul 2015, Sebastian Hagedorn wrote:
>> --On 6. Juli 2015 14:23:11 +1000 ellie timoney <ellie at fastmail.com>
>>> Please consult the release notes before upgrading to 2.4.18:
>> The big one is this: "Disable use of SSLv2/SSLv3"
>> When I look at our log files, I see that there are still several hundred
>> SSLv3 connections per day. I'm worried that not all clients used by our
>> users support TLSv1. One such client appears to be Outlook 2003. Has
>> anybody else (especially in education) already turned off SSLv3? What
>> were your experiences?
> I had similar concerns when I was making SSLv3 and cipher changes to my
> LDAP service. I wanted to proactively identify any clients that would be
> affected so we could fix them in advance.
> I used tshark to sniff the ciphers for all my incoming connections, but
> you can also get the TLS version used from the output.
> I wrote it up in a blog post here:
Thanks for your reply! Our Cyrus server is still running RHEL 5, and its
tshark binary doesn't yet support the "-2" flag. I see that it's supposed
to "Perform a two-pass analysis", but I'm unclear on why that is useful or
even necessary? I removed the flag for my tests, and at first glance it
still seems to work. FWIW, I had to modify the pattern matching in the Perl
script, because in our instance there are two tabs before the first IP
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 5313 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20150707/aae1d1c7/attachment.bin
More information about the Info-cyrus