* Grooz, Marc (regio iT) <[email protected]>:
> OK but is there a way to set this parameter in openssl or somewhere else?

Try patching it using "SSL_version" as documented in
http://search.cpan.org/~sullr/IO-Socket-SSL-2.012/lib/IO/Socket/SSL.pod.

p@rick

>
> Kind regards
> marc
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Tuesday, 17 March 2015 15:48
> To: Grooz, Marc (regio iT)
> Cc: [email protected]
> Subject: Re: Disable SSLv3 an select ciphers in amavis
>
> Hello,
>
> currently amavis does not configure these parameters.
>
> In amavisd-new 2.10.1 the server side STARTTLS is done at amavisd line number
> 21939 in process_smtp_request():
>
>   IO::Socket::SSL->start_SSL($sock,
>     SSL_server => 1, SSL_session_cache => 2,
>     SSL_error_trap => sub { my($sock,$msg)=@_;
>       do_log(-2,"Error on socket: %s",$msg) },
>     SSL_passwd_cb => sub { 'example' },
>     SSL_key_file => $smtpd_tls_key_file,
>     SSL_cert_file => $smtpd_tls_cert_file,
>   ) or die "Error upgrading socket to SSL: ".
>     IO::Socket::SSL::errstr();
>
> And client side in ssl_upgrade() at line number 8389:
>
>   IO::Socket::SSL->start_SSL($sock, SSL_session_cache => $ssl_cache,
>     SSL_error_trap =>
>       sub { my($sock,$msg)=@_; do_log(-2,"Error on socket: %s",$msg) },
>     %params,
>   ) or die "Error upgrading socket to SSL: ".IO::Socket::SSL::errstr();
>
> Both do not set SSL_version, SSL_cipher_list or SSL_honor_cipher_order.
>
> regards,
> Markus
>
>
> On Tue, Mar 17, 2015 at 01:18:08PM +0000, Grooz, Marc (regio iT) wrote:
> > Hi,
> > is there a way to disable SSLv3 and control which ciphers amavis uses?
> > Kind regards
> > Marc
>
> --
> Markus Benning, https://markusbenning.de/

--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
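
The three IO::Socket::SSL options named in the thread, passed to a server-side start_SSL call and checked over a loopback handshake. This is an added example, not part of the original messages and not amavisd-new code. The cipher string, the %tls_policy name and the throwaway certificate are assumptions made for the illustration.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;
use IO::Socket::SSL::Utils qw(CERT_create);

# Assumed policy values (not from the thread); adjust to local requirements.
my %tls_policy = (
    SSL_version            => 'SSLv23:!SSLv3:!SSLv2',  # any TLS, never SSLv2/SSLv3
    SSL_cipher_list        => 'HIGH:!aNULL:!eNULL:!MD5:!RC4',
    SSL_honor_cipher_order => 1,                       # server's order wins
);

# Constructed throwaway self-signed certificate, so no files are needed.
my ($cert, $key) = CERT_create(subject => { commonName => 'localhost' });

my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 1,
) or die "listen failed: $!";
my $port = $listener->sockport;

my $pid = fork();
die "fork failed: $!" unless defined $pid;
if ($pid == 0) {
    # Child: test client that trusts only the throwaway certificate.
    close $listener;
    my $c = IO::Socket::SSL->new(
        PeerAddr => '127.0.0.1', PeerPort => $port,
        SSL_ca => [$cert], SSL_verifycn_name => 'localhost',
    ) or die "client handshake failed: $SSL_ERROR";
    my $reply = <$c>;    # wait until the server has finished its side
    close $c;
    exit 0;
}

# Parent: accept a plain socket, then upgrade it as the quoted server-side
# call does, with the policy hash added to the argument list.
my $sock = $listener->accept or die "accept failed: $!";
IO::Socket::SSL->start_SSL($sock,
    SSL_server => 1,
    SSL_cert   => $cert,
    SSL_key    => $key,
    %tls_policy,
) or die "Error upgrading socket to SSL: " . IO::Socket::SSL::errstr();

printf "negotiated %s with cipher %s\n", $sock->get_sslversion, $sock->get_cipher;
print $sock "done\n";
close $sock;
waitpid($pid, 0);
```

The printed protocol and cipher show what the policy actually negotiates with the local OpenSSL build, which is the check to repeat after patching either start_SSL call.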
