Re: [exim] POODLE advisory from exim-announce

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: elrippo
CC: exim-users, Todd Lyons
Subject: Re: [exim] POODLE advisory from exim-announce
On 2014-11-01 at 11:11 +0100, elrippo wrote:
> I advised exim4 to use these ciphers, because nothing else is working, either writing mails nore recieving mails from other mail servers.
>
> tls_require_ciphers = NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0
>
>
>
> I sent a mail using my desktop client and my domain to google. Incomming exim4 used SSL outgoing TLS?!?!


Let's go back to Tony's mail a moment here:

----------------------------8< cut here >8------------------------------
To disable SSLv3 in Exim when compiled with GnuTLS, set the following in
both the main options section of your configuration file (for incoming
connection) and on your SMTP transports (for outgoing connections).

        tls_require_ciphers = NORMAL:!VERS-SSL3.0
----------------------------8< cut here >8------------------------------


It looks very much like you're only changing `tls_require_ciphers` in
the main section of the configuration file, not on the SMTP Transport(s)
too.

-Phil