Re: [exim] POODLE...

Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] POODLE...
On Fri, Oct 17, 2014 at 12:13:28PM -0700, Brent Jones wrote:

> Why not just disable the impacted ciphers?
> This seems reasonable to me:
>
> tls_require_ciphers =
> -ALL:+HIGH:-SSLv2:!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-MD5:AES256-SHA:AES128-SHA


Very bad cipherlist syntax and entirely futile. You can't disable
the ciphers in question; the problem is with SSLv3 padding, not
the ciphers. The non-POODLE cipher in SSLv3 is RC4, but RC4 is
also weak and deprecated.

-- 
    Viktor.
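
What the quoted string actually selects, as an added example that is not part of the original message: a simplified Python model of the OpenSSL cipher-string operators, assuming Exim is built against OpenSSL. The `CIPHERS` table and the helper names `evaluate` and `sslv3_modes` are constructed for illustration.

```python
# Simplified model of the OpenSSL cipher-string operators described in the
# ciphers(1) manual. CIPHERS is a constructed sample of SSLv3-usable suites
# with 2014-era tags, not a complete OpenSSL list; suites selected by one
# keyword are kept in table order rather than OpenSSL's strength order.
CIPHERS = {  # name: (keywords that select it, bulk cipher mode)
    "DHE-RSA-AES256-SHA": ({"ALL", "HIGH"}, "CBC"),
    "AES256-SHA": ({"ALL", "HIGH"}, "CBC"),
    "AES128-SHA": ({"ALL", "HIGH"}, "CBC"),
    "DES-CBC3-SHA": ({"ALL", "HIGH"}, "CBC"),
    "ADH-AES256-SHA": ({"ALL", "HIGH", "aNULL"}, "CBC"),
    "DES-CBC-SHA": ({"ALL", "LOW", "DES"}, "CBC"),
    "EXP-RC4-MD5": ({"ALL", "EXPORT", "RC4"}, "stream"),
    "RC4-SHA": ({"ALL", "MEDIUM", "RC4"}, "stream"),
    "RC4-MD5": ({"ALL", "MEDIUM", "RC4"}, "stream"),
}

# The string from the quoted message, joined onto one logical line.
QUOTED = ("-ALL:+HIGH:-SSLv2:!aNULL:!eNULL:!EXPORT:!DSS:!DES:"
          "RC4-MD5:AES256-SHA:AES128-SHA")


def evaluate(spec):
    """Return the ordered list of suites a cipher string enables."""
    active, killed = [], set()
    for item in filter(None, spec.split(":")):
        op = item[0] if item[0] in "+-!" else ""
        key = item[len(op):]
        match = [n for n, (tags, _) in CIPHERS.items() if key == n or key in tags]
        if op == "+":  # reorder only: never adds a suite
            moved = [n for n in active if n in match]
            active = [n for n in active if n not in match] + moved
        elif op in ("-", "!"):  # remove; "!" also forbids re-adding
            active = [n for n in active if n not in match]
            if op == "!":
                killed.update(match)
        else:  # bare keyword or suite name: append to the list
            active += [n for n in match if n not in active and n not in killed]
    return active


def sslv3_modes(spec):
    """Map each enabled suite to its bulk cipher mode (CBC is the padded one)."""
    return {n: CIPHERS[n][1] for n in evaluate(spec)}


if __name__ == "__main__":
    print(sslv3_modes(QUOTED))         # only the three suites named at the end
    print(sslv3_modes("HIGH:!aNULL"))  # every HIGH suite in the table is CBC
```

In this model every operator before `RC4-MD5` acts on an empty list, so the string enables only the three suites named at its end: one RC4 suite and two CBC suites. Any selection drawn from `HIGH` is CBC-only under SSLv3, which is why cipher filtering cannot take the place of turning the protocol version off.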