Re: [exim] POODLE advisory from exim-announce

Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] POODLE advisory from exim-announce
On Sun, Oct 19, 2014 at 03:32:26AM +0000, Phil Pennock wrote:

> On 2014-10-18 at 10:37 +0200, elrippo wrote:
> > I am running exim on Ubuntu 12.04 LTS
> >
> > If I define "tls_require_ciphers = NORMAL:!VERS-SSL3.0"
> >
> > I get an error in the log and the messages are not handled...
> > "2014-10-18 10:07:55 TLS error on connection from (user) [151.236.xxx.xxx] (gnutls_handshake): No supported cipher suites have been found."
> >
> > Can you advise please?
>
> That client only supports SSL and doesn't support TLS?


More likely the syntax is subtly wrong: the user disabled all SSLv3
ciphers instead of disabling the SSLv3 protocol with its sub-optimal
use of CBC padding.

The best advice for most SMTP server operators with respect to
"POODLE" is "do nothing". Even if you don't make any mistakes,
there is little to be gained by disabling SSLv3.

This is an HTTPS problem, to be addressed by web browsers and
web server operators.

-- 
    Viktor.