[exim] TLS Authentication Strength

Author: andylockran
Date:  
To: exim-users
Subject: [exim] TLS Authentication Strength
Guys,

I'm setting up a cluster of servers for the PCI DSS and I've only got one vulnerability left - which is that SSL/TLS supports weak authentication in exim. (I managed to set SSLv2 to disabled on exim with the following line:)

tls_require_ciphers = HIGH:!MEDIUM:!LOW:SSLv3:!SSLv2:!DES

Unfortunately, this does not set the authentication method to only support HIGH levels of encryption (128bit or above).

I can't find any information about where this should be set, and I know this line works as it manages to disable SSLv2. I've checked section 38 of the manual (and 38.4 specifically as I'm using openssl).

One of the solutions may be to specify the particular encryption methods on this line - but does anyone know a way of implementing the HIGH:MEDIUM:LOW setting in a similar way to the following (from proftpd)?

TLSCipherSuite                  HIGH:MEDIUM:!ADH:!SSLv2


Regards,

Andy Loughran
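
An added example, not part of the original message: a shell filter for checking what a cipher string such as the ones above actually admits. It reads `openssl ciphers -v` output and lists suites that have no authentication (`Au=None`) or less than 128-bit encryption. The function names, the report format and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the output of `openssl ciphers -v '<cipher string>'`.
# Each line of that output looks like:
#   NAME  PROTOCOL  Kx=<key exchange>  Au=<authentication>  Enc=<cipher>(<bits>)  Mac=<mac>
# audit_ciphers reports suites with no authentication (Au=None) or with
# fewer encryption bits than the minimum given as $1 (default 128).
# Function names and report format are hypothetical.

audit_ciphers() {
    awk -v min="${1:-128}" '
    NF >= 5 {
        au = ""; enc = ""; bits = -1
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Au=/)  au  = substr($i, 4)
            if ($i ~ /^Enc=/) enc = substr($i, 5)
        }
        # Enc=AES(256) gives 256, Enc=None gives 0; a field with no
        # trailing (bits) leaves bits at -1 and is not judged on size.
        if (enc == "None") bits = 0
        else if (match(enc, /\([0-9]+\)$/))
            bits = substr(enc, RSTART + 1, RLENGTH - 2) + 0
        reason = ""
        if (au == "None") reason = "no-authentication"
        if (bits >= 0 && bits < min)
            reason = (reason == "" ? "" : reason ",") "enc-" bits "-bit"
        if (reason != "") print $1, reason
    }'
}

# Constructed sample in the `openssl ciphers -v` layout (not from the post).
sample_listing() {
    cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-ADH-RC4-40-MD5      SSLv3 Kx=DH(512)  Au=None Enc=RC4(40)   Mac=MD5  export
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EOF
}

# Run the filter over the sample; flagged suites are printed one per line.
sample_listing | audit_ciphers
```

On the mail host, replace the sample with the real expansion by piping `openssl ciphers -v` with the `tls_require_ciphers` value as its argument into `audit_ciphers`; an empty result means no listed suite is unauthenticated or below the bit threshold.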