Auteur: Marco Ocisp Date: À: exim-users@exim.org Sujet: [exim] Issue on Exim 4.72 SSL 3 and POODLE
Hi,I AM using Webuzo panel who is running Exim 4.72 who seems to be vulnerable to POODLE attack and SSL 3.
I cannot update Exim from SSH because will be incompatibile with the panel so I must wait a fix from the panel Staff who are taking very long time and have issue on integrating Exim.
In my exim.confI have
tls_require_ciphers = HIGH:MEDIUM:+TLSv1.2:!SSLv2
if I add :!SSLv3
save and restart outgoing email from Thunderbord and smartphone not work.If I remove the :!SSLv3 final works but there are vulnerability.
If just disable SSlv3 this is ignored as seems in Exim 4.72 I can't disable SSL 3.
In the time I wait a fix from softaculouscan I do something to fix the issue of SSL 3 and POODLE attack?
I AM on CentOs
Thanks.