[exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher list

Top Page
This message is part of the following thread:
M+---\the complete thread tree sorted by date
MM-+\M 
MM\MMCyborg at ->
Delete this message
Reply to this message
Author: Konstantin Boyandin
Date:  
To: exim-users
Subject: [exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher list
Hello,

After having scanned 4.90.1 installation with OpenVAS, the below was
reported:

'Weak' cipher suites accepted by this service via the
TLSv1.0/TLSv1.1/TLSv1.2 protocols: TLS_RSA_WITH_SEED_CBC_SHA

Default settings (no explicit "tls_require_ciphers", "openssl_options")
are in use.

Can someone recommend simplest ciphers selection for Exim, to exclude
the mentioned cipher? The settings present on cipherli.st:

tls_require_ciphers = AES128+EECDH:AES128+EDH
openssl_options = +no_sslv2 +no_sslv3

seem kind of too strict, there were reported problems receiving email
after the above were put in effect.

Sincerely,
Konstantin

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] exim filter for incoming mail to be spamRe: [exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher list->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)