Hello,
I use perdition as a proxy-imap server.
After check vulnerabilty with openvas, i found that my perdition
configuration as some vulnerabilty with anonymous and weak cipher suite.
Vulnerabilty Detection result :
Anonymous cipher suites accepted via TLSv1.0, TLSv1.1, TLSv1.2:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
Weak cipher suites accepted via TLSv1.0, TLSv1.1, TLSv1.2:
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA
I haven't found in the man perdition how to disable these cipher suite.
As anyone have an idea how to make it ?
Thanks
NB : I use perdition 2.2-16.4
--
Christophe Carles
CNRS - CBI
Service Informatique
Bât. IBCG
118, route de Narbonne
31062 Toulouse Cedex9
sinfo(a)ibcg.biotoul.fr
Tél : 05.61.33.59.60
Fax : 05.61.33.58.86
Hi .
I want connect perdition.imap4s with local imapserver with plain-text,
like this
client --> SSL -> Perdition -> Plain-Text -> myyimapserver
My perdition.conf :
debug
map_library /usr/lib64/libperditiondb_posix_regex.so.0
outgoing_server myimapserver.mydomain
strip_domain remote_login
ssl_cert_file /etc/perdition/perdition.crt.pem
ssl_dh_params_file /etc/perdition/perdition_dhparam.pem
ssl_key_file /etc/perdition/perdition.key.pem
ssl_ca_accept_self_signed
ssl_cert_accept_self_signed
ssl_no_cert_verify
ssl_no_cn_verify
And I'm executing perdition.imap4s with this FLAGS:
perdition.imap4s -ssl_mode ssl_listen --outgoing_port 143
But when I connect with a client, like SquirrelMail Webmail, I got this
error:
perdition.imaps[3967]: Connect: 127.0.0.1:60952->127.0.0.1:993
perdition.imaps[3967]: __perdition_ssl_connection: error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol
perdition.imaps[3967]: __perdition_ssl_connection: SSL_accept
perdition.imaps[3967]: __perdition_ssl_connection: timeout or no
shared ciphers?
perdition.imaps[3967]: perdition_ssl_server_connection:
perdition_ssl_connection
perdition.imaps[3967]: main: perdition_ssl_server_connection SSL
perdition.imaps[3967]: Fatal error establishing SSL connection to client
Running imap-only (143, without SSL) works fine , but no with SSL (993)
What am I doing wrong?
Thanks any tips!