31 Oct
2014
31 Oct
'14
12:59 p.m.
Dear all,
I am trying to disable SSLv3 on perdition 2.0-1.x86_64
It is running in a RHEL 6.5 clone and it was compiled with the SPEC files.
In theory, I should apply the following configuration but it also
disables TLSv1 and TLSv1.1, being TLSv1.2 still available.
---
ssl_listen_ciphers "ALL:!SSLv2:!SSLv3"
---
I don't know much about cryptography but I
guess it makes sense because I obtain the same result in all my
boxes (RHEL 6.5 , Fedora and FreeBSD 10) when I execute:
openssl ciphers -v 'ALL:!SSLv2:!SSLv3'
What would be the best way to disable SSLv2 and SSLv3 for incoming and
outgoing connections?
Regards,
Xavier Garcia
31 Oct
31 Oct
1:10 p.m.
Hi all,
I have to disable it in /etc/sysconfig/perdition :
POP3S_FLAGS="--outgoing_port 110 --ssl_mode tls_listen,tls_listen_force"
IMAP4S_FLAGS="--outgoing_port 143 --ssl_mode tls_listen,tls_listen_force"
Hope it will help you.
Regards
Mael
-----Message d'origine-----
De : perdition-users-bounces(a)vergenet.net [mailto:perdition-users-bounces@vergenet.net] De
la part de Xavier Garcia
Envoyé : vendredi 31 octobre 2014 13:59
À : perdition-users(a)vergenet.net
Objet : [PERDITION-USERS] Disabling SSLv3
Dear all,
I am trying to disable SSLv3 on perdition 2.0-1.x86_64 It is running in a RHEL 6.5 clone
and it was compiled with the SPEC files.
In theory, I should apply the following configuration but it also disables TLSv1 and
TLSv1.1, being TLSv1.2 still available.
---
ssl_listen_ciphers "ALL:!SSLv2:!SSLv3"
---
I don't know much about cryptography but I guess it makes sense because I obtain the
same result in all my boxes (RHEL 6.5 , Fedora and FreeBSD 10) when I execute:
openssl ciphers -v 'ALL:!SSLv2:!SSLv3'
What would be the best way to disable SSLv2 and SSLv3 for incoming and outgoing
connections?
Regards,
Xavier Garcia
______________________________________________
Perdition-users mailing list
Perdition-users(a)vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
----
1:31 p.m.
Hi,
AFAIK, this enables STARTTLS in the port instead of starting a
purely encrypted connection.
nc -vv imapproxy01i 993
Connection to imapproxy01i 993 port [tcp/imaps] succeeded!
* OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES
* MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE
* LOGIN-REFERRALS STARTTLS LOGINDISABLED] perdition ready on
* imapproxy01i 00028de7
I haven't tested but I think this may not change the list of
accepted cyphers. After reading the manual and some messages in
the list, it seems that all references to TLS in the
configuration are aiming at STARTTLS and the only way to change
the valid ciphers is with *ssl_listen_ciphers* and
*ssl_outgoing_ciphers*. Am I mistaken?
Regards,
Xavier Garcia
On Fri, Oct 31, 2014 at 02:10:42PM +0100, LE SAOUT Mael wrote:
Hi all,
I have to disable it in /etc/sysconfig/perdition :
POP3S_FLAGS="--outgoing_port 110 --ssl_mode tls_listen,tls_listen_force"
IMAP4S_FLAGS="--outgoing_port 143 --ssl_mode tls_listen,tls_listen_force"
Hope it will help you.
Regards
Mael
-----Message d'origine-----
De?: perdition-users-bounces(a)vergenet.net [mailto:perdition-users-bounces@vergenet.net]
De la part de Xavier Garcia
Envoy??: vendredi 31 octobre 2014 13:59
??: perdition-users(a)vergenet.net
Objet?: [PERDITION-USERS] Disabling SSLv3
Dear all,
I am trying to disable SSLv3 on perdition 2.0-1.x86_64 It is running in a RHEL 6.5 clone
and it was compiled with the SPEC files.
In theory, I should apply the following configuration but it also disables TLSv1 and
TLSv1.1, being TLSv1.2 still available.
---
ssl_listen_ciphers "ALL:!SSLv2:!SSLv3"
---
I don't know much about cryptography but I guess it makes sense because I obtain the
same result in all my boxes (RHEL 6.5 , Fedora and FreeBSD 10) when I execute:
openssl ciphers -v 'ALL:!SSLv2:!SSLv3'
What would be the best way to disable SSLv2 and SSLv3 for incoming and outgoing
connections?
Regards,
Xavier Garcia
______________________________________________
Perdition-users mailing list
Perdition-users(a)vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
----
3475
days inactive
3475
days old
2 comments
2 participants
participants (2)
-
LE SAOUT Mael -
Xavier Garcia