drown/SSL issue

Tony Galecki asgalecki at ucsd.edu
Thu Mar 3 13:06:33 EST 2016


Lots of fiddling arround, tls_versions: ssl3 tls1_2 in the imapd.conf file also fixed the issue. However, some clients (notably older Mac Mail clients) were not able to connect.

> On Mar 3, 2016, at 2:49 AM, Wolfgang Breyha <wbreyha at gmx.net> wrote:
> 
> On 02/03/16 12:02, Wolfgang Breyha via Info-cyrus wrote:
>> You do not need to rebuild OpenSSL. I would check the SPEC File of the CentOS
>> 7 RPM which patches they included. If the TLS changes were not backported I
>> would try to build one of the newer 2.4.18 SRPMs for Fedora (eg. 23) on CentOS 7.
> 
> As of today RHEL/CentOS ships openssl updates with deactivated SSLv2 at
> build time. It should be enough to update it and restart cyrus.
> 
> Greetings, Wolfgang
> -- 
> Wolfgang Breyha <wbreyha at gmx.net> | http://www.blafasel.at/
> Vienna University Computer Center | Austria



More information about the Info-cyrus mailing list