On 16/10/14 09:03, Marco Gaiarin wrote:
>
> http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability
>
> How to disable SSL 3.0 in exim?
>
> Precisely, in debian exim for squeeze (4.72-6+squeeze4) and wheezy (4.80-7)?
>
>
> Seems to me i've to use 'gnutls_require_protocols', but i've not found
> documentation about it...
tls_require_ciphers = NORMAL:-VERS-SSL3.0
However, be aware you may no longer talk TLS at all to some
sites thus *increasing* your data's exposure.
Suggest you trawl your logs for occurences of "X=SSL" to
see if it's anyone you care about.
--
Cheers,
Jeremy
