Re: [exim] Disabling SSLv3 on Exim 4.75

Top Pagina
Delete this message
Reply to this message
Auteur: Ted Cooper
Datum:  
Aan: exim-users
Onderwerp: Re: [exim] Disabling SSLv3 on Exim 4.75
On 19/10/14 00:49, Cyborg wrote:
> Openssl has announced a workaround for sslv3. I'm not sure about what it
> does, but maybe you don't need to change exim's config at all.


The update to OpenSSL has enabled TLS_FALLBACK_SCSV protocol extension
which prevents MITM attackers from being able to force a protocol
downgrade. Both the client and the server must be upgraded to support
this protocol for it to be of any use.

You're still better off disabling SSLv3 since the udpate only helps
servers which have been upgraded, and run OpenSSL. Other implementations
may not support the extension.