Re: [exim-dev] [Bug 1535] Option for SSL/TLS Protocol config…

Author: Andreas Metzler
Date:  
To: exim-dev
Subject: Re: [exim-dev] [Bug 1535] Option for SSL/TLS Protocol configuration missing/required
On 2014-10-18 Jeremy Harris <jgh@???> wrote:
> On 16/10/14 00:49, Phil Pennock wrote:
>> Looks like the GnuTLS Priority String to use is:
>>
>>     NORMAL:%LATEST_RECORD_VERSION:-VERS-SSL3.0
>>
>> Set this as the value of `tls_require_ciphers`, both main section and on SMTP
>> transports.
>
> Would there be support for the next Exim release version having these
> options (and the OpenSSL one) set by default to disable ssl3 ?


Hello,

afaui POODLE should not be a reason to disable SSL3 /for/ /SMTP/ -
<20141017064416.258745A0198@???> sounded
convincing to me.

Also I wonder whether exim shouldn't use the TLS library's
sane default values (I do not know about OpenSSL but GnuTLS default
priorities are supposed to be sane. :-)

Somehow related: GnuTLS will probably drop SSL 3.0 from the default
priority strings.
http://mid.gmane.org/CAJU7zaLCuh%3DsEEtg4MDiN%2B2ZuyoyDoEVCeQ9CCtJH%2B1uVEwL5w%40mail.gmail.com
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'