On 2014-10-18 Jeremy Harris <jgh@???> wrote:
> On 16/10/14 00:49, Phil Pennock wrote:
>> Looks like the GnuTLS Priority String to use is:
>> NORMAL:%LATEST_RECORD_VERSION:-VERS-SSL3.0
>
>> Set this as the value of `tls_require_ciphers`, both main section and on SMTP
>> transports.
> Would there be support for the next Exim release version have these
> options (and the OpenSSL one) set by default to disable ssl3 ?
Hello,
afaui POODLE should not be a reason to to disable SSL3 /for/ /SMTP/ -
<20141017064416.258745A0198@???> sounded
convincing to me.
Also I wonder whether exim shouldn't use the TLS library's
sane default values (I do not know about OpenSSL but GnuTLS default
priorities are supposed to be sane. :-)
Somehow related: GnuTLS will probably drop SSL 3.0 from the default
priority strings.
http://mid.gmane.org/CAJU7zaLCuh%3DsEEtg4MDiN%2B2ZuyoyDoEVCeQ9CCtJH%2B1uVEwL5w%40mail.gmail.com
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
