Re: [exim] Problem disabling SSLv3 ciphers on Exim 4.72 to d…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMPhil Pennock at <-
MMPhil Pennock at ->
Delete this message
Reply to this message
Author: Frank Elsner
Date:  
To: exim-users
CC: Phil Pennock, TPCexim
Subject: Re: [exim] Problem disabling SSLv3 ciphers on Exim 4.72 to deal with Poodle vunerability (CVE-2014-3566)
On Mon, 20 Oct 2014 19:31:21 +0000 Phil Pennock wrote:
> On 2014-10-16 at 17:49 +0100, TPCexim@??? wrote:
> >     I have been going round and round in circles trying to do this :-{. I have tried lots of different incantations using tls_require_ciphers but without success.  
> > My exim which came ready built in an RPM is linked with OpenSSL rather than GnuTLS. I am using 'nmap --script ssl-enum-ciphers -p 465' to see what ciphers are offered.

>
> The instructions are in:
>
> https://lists.exim.org/lurker/message/20141017.093614.e5c38176.en.html
>
> Note: you are using OpenSSL, so the `openssl_options` Exim option is the
> one which you need to set. OpenSSL does not permit using a cipherspec 

Sorry, but I can't find 'openssl_options` in the doc for exim-4.72.
                                                                ^^
NewStuff introduces this option for version 4.73.



Kind regards, Frank Elsner

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] POODLE advisory from exim-announce[exim] Throttle incoming connections without stopping smtp auth logins->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)