Hi, > This has changed; if anything needs to be updated it's the documentation.
O.K. I haven't check all documentation but at least I think comment of configuration file should be updated. Because I saw "TLS1" configuration as workaround of POODLE vulnerability in some site. e.g. http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 http://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack *** libs/imap/imapd-ssl.dist.in.old 2014-10-21 20:48:46.000000000 +0900 --- libs/imap/imapd-ssl.dist.in 2014-10-21 20:49:37.000000000 +0900 *************** *** 122,128 **** # # SSL3 - SSLv3 # SSL23 - all protocols (including TLS 1.x protocols) ! # TLS1 - TLS1 # TLSv1.1 - TLS1.1 # TLSv1.2 - TLS1.2 # --- 122,128 ---- # # SSL3 - SSLv3 # SSL23 - all protocols (including TLS 1.x protocols) ! # TLSv1 - TLS1 # TLSv1.1 - TLS1.1 # TLSv1.2 - TLS1.2 # *** libs/imap/pop3d-ssl.dist.in.old 2014-10-21 20:49:56.000000000 +0900 --- libs/imap/pop3d-ssl.dist.in 2014-10-21 20:50:18.000000000 +0900 *************** *** 105,111 **** # # SSL3 - SSLv3 # SSL23 - all protocols (including TLS 1.x protocols) ! # TLS1 - TLS1 # TLSv1.1 - TLS1.1 # TLSv1.2 - TLS1.2 # --- 105,111 ---- # # SSL3 - SSLv3 # SSL23 - all protocols (including TLS 1.x protocols) ! # TLSv1 - TLS1 # TLSv1.1 - TLS1.1 # TLSv1.2 - TLS1.2 # Thanks. On 2014/10/21 19:58, Sam Varshavchik wrote: > Hideki SAKAMOTO writes: > >> Hi, >> >> I found a typo in libs/tcpd/libcouriertls.c and SSLv3 was still >> available with "TLS_PROTOCOL=TLS1" configuration. > > This has changed; if anything needs to be updated it's the documentation. > >> >> This is patch for libs/tcpd/libcouriertls.c: >> >> diff -c libs/tcpd/libcouriertls.c.old libs/tcpd/libcouriertls.c >> *** libs/tcpd/libcouriertls.c.old 2014-10-21 10:58:43.000000000 +0900 >> --- libs/tcpd/libcouriertls.c 2014-10-21 11:03:24.000000000 +0900 >> *************** >> *** 530,536 **** >> ? SSLv3_method(): >> strcmp(protocol, "SSL23") == 0 >> ? SSLv23_method(): >> ! strcmp(protocol, "TLSv1") == 0 >> ? TLSv1_method(): >> #ifdef HAVE_TLSV1_1_METHOD >> strcmp(protocol, "TLSv1.1") == 0 >> --- 530,536 ---- >> ? SSLv3_method(): >> strcmp(protocol, "SSL23") == 0 >> ? SSLv23_method(): >> ! strcmp(protocol, "TLS1") == 0 >> ? TLSv1_method(): >> #ifdef HAVE_TLSV1_1_METHOD >> strcmp(protocol, "TLSv1.1") == 0 >> >> Thanks. >> >> ------------------------------------------------------------------------------ >> >> Comprehensive Server Monitoring with Site24x7. >> Monitor 10 servers for $9/Month. >> Get alerted through email, SMS, voice calls or mobile push notifications. >> Take corrective actions from your mobile device. >> http://p.sf.net/sfu/Zoho >> _______________________________________________ >> Courier-imap mailing list >> Courier-imap@lists.sourceforge.net >> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap > > > ------------------------------------------------------------------------------ > Comprehensive Server Monitoring with Site24x7. > Monitor 10 servers for $9/Month. > Get alerted through email, SMS, voice calls or mobile push notifications. > Take corrective actions from your mobile device. > http://p.sf.net/sfu/Zoho > > > > _______________________________________________ > Courier-imap mailing list > Courier-imap@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap > ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho _______________________________________________ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
