Dear all,
I am trying to disable SSLv3 on perdition 2.0-1.x86_64.
It is running in a RHEL 6.5 clone and it was compiled with the SPEC files.
In theory, I should apply the following configuration, but it also
disables TLSv1 and TLSv1.1, with TLSv1.2 still available.
---
ssl_listen_ciphers "ALL:!SSLv2:!SSLv3"
---
I don't know much about cryptography, but I
guess it makes sense because I obtain the same result on all my
boxes (RHEL 6.5, Fedora and FreeBSD 10) when I execute:
openssl ciphers -v 'ALL:!SSLv2:!SSLv3'
What would be the best way to disable SSLv2 and SSLv3 for incoming and
outgoing connections?
Regards,
Xavier Garcia
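
Added example (not part of the original post, and not perdition code): a small model of why the cipher string above also removes TLSv1 and TLSv1.1. In OpenSSL of that era the `SSLv3` keyword in a cipher string selects the suites first defined in SSLv3, which are the only ones TLSv1 and TLSv1.1 can negotiate, so it is a suite filter and not a protocol switch. The sample listing is constructed in the format of `openssl ciphers -v`, and the function names are hypothetical.

```python
# Constructed sample in the layout of `openssl ciphers -v` (OpenSSL 1.0.1 era).
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
"""

# Ascending protocol order. A suite's tag is the first version that defines it.
# SSLv2 suites are a separate family and are left out of this model.
PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]


def parse_ciphers(text):
    """Return (suite_name, tag) pairs from `openssl ciphers -v` style lines."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] in PROTOCOLS:
            suites.append((fields[0], fields[1]))
    return suites


def exclude_tags(suites, tags):
    """Mimic '!TAG' in a cipher string: drop every suite carrying that tag."""
    return [(name, tag) for name, tag in suites if tag not in tags]


def usable_by_protocol(suites):
    """Map each protocol version to the suites it could still negotiate."""
    usable = {}
    for rank, proto in enumerate(PROTOCOLS):
        usable[proto] = [n for n, t in suites if PROTOCOLS.index(t) <= rank]
    return usable


def negotiable_protocols(suites):
    """Protocol versions that still have at least one usable suite."""
    return [p for p, names in usable_by_protocol(suites).items() if names]


if __name__ == "__main__":
    all_suites = parse_ciphers(SAMPLE)
    print("ALL               :", negotiable_protocols(all_suites))
    filtered = exclude_tags(all_suites, {"SSLv2", "SSLv3"})
    print("ALL:!SSLv2:!SSLv3 :", negotiable_protocols(filtered))
```

At the OpenSSL API level the protocol versions themselves are switched off with the `SSL_OP_NO_SSLv2` and `SSL_OP_NO_SSLv3` context options, which leave the cipher list untouched.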
Hello.
I'm currently trying to understand some issue I see with Perdition
connecting to MS Exchange.
For some reason some commands seem to do nothing, while they work fine if
used directly and not going through Perdition (version 2.1 running on
RHEL7 btw).
Here's what I see when I do a packet capture on the traffic going from the
server running Perdition (MS exchange = lines starting with S, and
perdition on the lines starting with C):
S: * OK The Microsoft Exchange IMAP4 service is ready.
C: flim07 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
S: flim07 OK CAPABILITY completed.
C: flim08 LOGIN {7}
S: + Ready for additional command text.
C: use-rna {20}
S: + Ready for additional command text.
C: thisISaLoNgPasswordd
S: flim08 OK LOGIN completed.
C: A002 SELECT "INBOX"
...and here it just seems to hang, no traffic is returned...
If I go to the server running Perdition and run these commands manually
with the help of "telnet msexchangeserver 143", they seem to work fine:
* OK The Microsoft Exchange IMAP4 service is ready.
flim07 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
flim07 OK CAPABILITY completed.
flim08 LOGIN {7}
+ Ready for additional command text.
use-rna {20}
+ Ready for additional command text.
thisISaLoNgPasswordd
flim08 OK LOGIN completed.
A002 SELECT "INBOX"
* 11 EXISTS
* 0 RECENT
* FLAGS (\Seen \Answered \Flagged \Deleted \Draft $MDNSent)
* OK [PERMANENTFLAGS (\Seen \Answered \Flagged \Deleted \Draft $MDNSent)] Permanent flags
* OK [UNSEEN 1] Is the first unseen message
* OK [UIDVALIDITY 2389685] UIDVALIDITY value
* OK [UIDNEXT 45] The next unique identifier value
A002 OK [READ-WRITE] SELECT completed.
A003 LOGOUT
* BYE Microsoft Exchange Server 2010 IMAP4 server signing off.
A003 OK LOGOUT completed.
Am I missing something obvious here?
Regards
Eivind Olsen
Hi guys,
Recently, our group has been trying to find SSL security problems by static
analysis. We have now found some problems in perdition and reported these bugs
to Launchpad, but we haven't received any responses.
Could you please take a look at this bug:
https://bugs.launchpad.net/ubuntu/+source/perdition/+bug/1380304
Thanks,
Rainkin