Greetings and Felicitations, we are trying to solve the final PCI compliance issue with our courier mail system. The compliance scan informs us of the issue
995/tcp Weak Supported SSL Ciphers Suites which I think is related to the following entry in /etc/courier/pop3d-ssl TLS_PROTOCOL=SSL23 This is the default value, which accepts connections from either SSLv2 or SSLv3. We need just SSLv3, and the comments in the file say that to achieve this, set TLS_PROTOCOL=SSL3 in the aforementioned file. When I do this, I see the following error message in syslog couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number and nobody can collect there emails. Can somebody please tell me how to we force SSLv3? We are running the standard Ubuntu courier packages : courier-pop-ssl 0.58.0.20080127-1ubuntu1 courier-authdaemon 0.60.1-1ubuntu courier-authlib 0.60.1-1ubuntu2 courier-base 0.58.0.20080127-1ubuntu1 Kind Regards Martin Woolley IT Systems Administrator www.mobilefun.co.uk ------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
