http://bugs.exim.org/show_bug.cgi?id=1535
Summary: Option for SSL/TLS Protocol configuration missing/required
Product: Exim
Version: 4.84
Platform: Other
OS/Version: Linux
Status: NEW
Severity: security
Priority: high
Component: TLS
AssignedTo: pdp@???
ReportedBy: hvoelker@???
CC: exim-dev@???, hvoelker@???

With the now-published POODLE attack on SSLv3 (see
https://www.openssl.org/~bodo/ssl-poodle.pdf and
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566) it is time to
switch off this protocol. Unfortunately, Exim is missing a configuration option
for that.

For example, Apache's mod_ssl provides 'SSLProtocol', which would also be a
good example of how to implement it.