[exim-dev] [Bug 1535] New: Option for SSL/TLS Protocol conf…

Author: Hendrik Voelker
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1535] New: Option for SSL/TLS Protocol configuration missing/required
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1535
           Summary: Option for SSL/TLS Protocol configuration
                    missing/required
           Product: Exim
           Version: 4.84
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: security
          Priority: high
         Component: TLS
        AssignedTo: pdp@???
        ReportedBy: hvoelker@???
                CC: exim-dev@???, hvoelker@???



With the now published POODLE attack on SSLv3 (see
https://www.openssl.org/~bodo/ssl-poodle.pdf and
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566) it is time to
switch off this protocol. Unfortunately exim is missing a configuration option
for that.

For example, Apache's mod_ssl provides 'SSLProtocol' - which would also be a
good example of how to implement it.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
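
An added illustration, not part of the original report and not Exim or Apache code: a small C parser for an SSLProtocol-style specification such as `all -SSLv3`, the kind of option the report asks for. The function name `parse_protocols`, the bit constants and the handling of a bare keyword are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Protocol bits; keyword spellings follow the SSLProtocol style. */
enum { P_SSLV3 = 1, P_TLSV1 = 2, P_TLSV1_1 = 4, P_TLSV1_2 = 8,
       P_ALL = P_SSLV3 | P_TLSV1 | P_TLSV1_1 | P_TLSV1_2 };

static const struct { const char *name; unsigned bit; } names[] = {
    { "SSLv3", P_SSLV3 }, { "TLSv1", P_TLSV1 }, { "TLSv1.1", P_TLSV1_1 },
    { "TLSv1.2", P_TLSV1_2 }, { "all", P_ALL },
};

/* Hypothetical helper: parse e.g. "all -SSLv3" into a bitmask.
 * Returns 0 on success and -1 on an unknown keyword, an over-long spec or
 * an empty result, so a typo fails closed at configuration load instead of
 * silently leaving SSLv3 enabled. */
int parse_protocols(const char *spec, unsigned *out)
{
    char buf[128];
    unsigned mask = 0;

    if (strlen(spec) >= sizeof buf) return -1;
    strcpy(buf, spec);
    for (char *tok = strtok(buf, " \t"); tok; tok = strtok(NULL, " \t")) {
        char action = 0;
        unsigned bit = 0;
        if (*tok == '+' || *tok == '-') action = *tok++;
        for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
            if (strcasecmp(tok, names[i].name) == 0) bit = names[i].bit;
        if (bit == 0) return -1;            /* unknown keyword */
        if (action == '-') mask &= ~bit;    /* remove from the set */
        else if (action == '+') mask |= bit; /* add to the set */
        else mask = bit;  /* assumption: a bare keyword replaces the set */
    }
    if (mask == 0) return -1;               /* refuse "nothing enabled" */
    *out = mask;
    return 0;
}

int main(void)
{
    unsigned m;
    if (parse_protocols("all -SSLv3", &m) == 0)
        printf("SSLv3 %s\n", (m & P_SSLV3) ? "enabled" : "disabled");
    return 0;
}
```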