[exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher list

Startseite
Diese Nachricht ist Teil des folgenden Threads:
M+---\Der komplette Thread sortiert nach Datum
MM-+\M 
MM\MMCyborg am ->
Nachricht löschen
Nachricht beantworten
Autor: Konstantin Boyandin
Datum:  
To: exim-users
Betreff: [exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher list
Hello,

After having scanned 4.90.1 installation with OpenVAS, the below was
reported:

'Weak' cipher suites accepted by this service via the
TLSv1.0/TLSv1.1/TLSv1.2 protocols: TLS_RSA_WITH_SEED_CBC_SHA

Default settings (no explicit "tls_require_ciphers", "openssl_options")
are in use.

Can someone recommend simplest ciphers selection for Exim, to exclude
the mentioned cipher? The settings present on cipherli.st:

tls_require_ciphers = AES128+EECDH:AES128+EDH
openssl_options = +no_sslv2 +no_sslv3

seem kind of too strict, there were reported problems receiving email
after the above were put in effect.

Sincerely,
Konstantin

Diese Nachricht wurde auf der folgenden Mailing-List gepostet:
Exim-users
Mailing-List-Info | Nachrichten um die Zeit		<-Re: [exim] exim filter for incoming mail to be spamRe: [exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher list->
Tahini and Hummus and Cumin Development Archives administriert von cumin AdminsLurker (Version 2.3)