Re: [exim] POODLE...

Top Page
Delete this message
Reply to this message
Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] POODLE...
Am 16.10.2014 um 19:58 schrieb Jeremy Harris:
> On 16/10/14 09:03, Marco Gaiarin wrote:
>>     http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability

>>
>> How to disable SSL 3.0 in exim?
>>
>> Precisely, in debian exim for squeeze (4.72-6+squeeze4) and wheezy (4.80-7)?
>>
>>
>> Seems to me i've to use 'gnutls_require_protocols', but i've not found
>> documentation about it...
> tls_require_ciphers = NORMAL:-VERS-SSL3.0
>
> However, be aware you may no longer talk TLS at all to some
> sites thus *increasing* your data's exposure.
>

But with the magnitude of a vulnerbility, you can get rid of the ssl
overhead and talk in cleartext and get some beneficial speed out of it ;)

Cyborg