Re: [exim] Disabling SSLv3 on Exim 4.75

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Ted Cooper
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Disabling SSLv3 on Exim 4.75
On 19/10/14 00:49, Cyborg wrote:
> Openssl has announced a workaround for sslv3. I'm not sure about what it
> does, but maybe you don't need to change exim's config at all.


The update to OpenSSL has enabled TLS_FALLBACK_SCSV protocol extension
which prevents MITM attackers from being able to force a protocol
downgrade. Both the client and the server must be upgraded to support
this protocol for it to be of any use.

You're still better off disabling SSLv3 since the udpate only helps
servers which have been upgraded, and run OpenSSL. Other implementations
may not support the extension.