Port 465. Anyone know how? I need to do this (and everyone should) due to known cryptographic flaws in SSL 2.0 protocol and also to pass an audit test.
Hi,
To limit smtps to SSLv3 and TLS, add the following to /etc/exim.conf:
Code:
tls_require_ciphers = SSLv3:TLS
And then restart exim.
You can then test with the following command:
Code:
openssl s_client -ssl2 -connect your.hostname.com:465
Try that using each of the following: -ssl2, -ssl3 and -tls1. It should now only work when using -ssl3 or -tls1. It should fail when you use -ssl2; you'll see something like this at the end and it will drop your connection:
Code:
28120:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:
Oh, and if you need to do the same for pop3s and imaps, edit the following two files:
/usr/lib/courier-imap/etc/pop3d-ssl
/usr/lib/courier-imap/etc/imapd-ssl
and set the following in each (the directive is probably there and commented out, but you don't want to use what that one is set to):
Code:
TLS_CIPHER_LIST="ALL:!SSLv2:!ADH:!NULL:!EXPORT:!DES:!LOW:@STRENGTH"
then restart courier-imap and test the same way as above, except using ports 993 and 995 instead of 465.
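The manual "try each of -ssl2, -ssl3 and -tls1 against each port" check from the answer above, scripted. This is an added example, not code from the original post: it runs openssl s_client once per protocol flag against a host and port you supply, classifies the client output (the "no cipher list" error line quoted above, the "Cipher is (NONE)" line s_client prints on a failed handshake, or the "Cipher is ..." line on success), and exits non-zero if SSLv2 was accepted on any port. It assumes an OpenSSL build of the same era as the post, one that still has the -ssl2 and -ssl3 options; newer builds have dropped them and the script reports "unknown" for those flags rather than guessing.

```shell
#!/bin/sh
# Added example (not from the original post): probe mail ports with openssl s_client
# for each legacy protocol flag and report whether the server accepted the handshake.
# Assumes an OpenSSL that still understands -ssl2/-ssl3; where the option is missing
# the result is reported as "unknown", not as "rejected".

# classify_handshake: reads s_client output on stdin and prints one word:
#   accepted  - a cipher was negotiated, so that protocol is still enabled
#   rejected  - the server refused the handshake (the desired result for -ssl2)
#   unknown   - no recognisable outcome (client lacks the option, host unreachable, ...)
classify_handshake() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'unknown option'; then
        echo unknown
    elif printf '%s\n' "$out" | grep -q -e 'no cipher list' -e 'handshake failure' \
            -e 'wrong version number' -e 'Cipher is (NONE)'; then
        echo rejected
    elif printf '%s\n' "$out" | grep -q 'Cipher is '; then
        echo accepted
    else
        echo unknown
    fi
}

# probe_port HOST PORT: try -ssl2, -ssl3 and -tls1 against HOST:PORT and print one
# line per protocol. Returns non-zero if SSLv2 was accepted.
probe_port() {
    host=$1; port=$2; bad=0
    for proto in ssl2 ssl3 tls1; do
        result=$(openssl s_client "-$proto" -connect "$host:$port" </dev/null 2>&1 | classify_handshake)
        printf '%s:%s %-5s %s\n' "$host" "$port" "$proto" "$result"
        if [ "$proto" = ssl2 ] && [ "$result" = accepted ]; then
            bad=1
        fi
    done
    return $bad
}

# Usage: sh probe_legacy_ssl.sh your.hostname.com 465 993 995
# (hostname and ports are whatever you are auditing; nothing here is hard-coded)
if [ $# -ge 2 ]; then
    host=$1; shift
    rc=0
    for port in "$@"; do
        probe_port "$host" "$port" || rc=1
    done
    exit $rc
fi
```

Run it once before and once after the exim and courier-imap restarts: the "ssl2" row for every port should move from accepted to rejected while the ssl3 and tls1 rows stay accepted, which is exactly the outcome the answer describes for the manual test.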
thanks for the tip. I was able to shut it off on exim, but not on the 995/993 ports. I don't have the /usr/lib/courier... directory. How else would I find what config file is used on my system for these ports?
ah... /scripts/convert2maildir