------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1535 Summary: Option for SSL/TLS Protocol configuration missing/required Product: Exim Version: 4.84 Platform: Other OS/Version: Linux Status: NEW Severity: security Priority: high Component: TLS AssignedTo: [email protected] ReportedBy: [email protected] CC: [email protected], [email protected] With the now published POODLE attack on SSLv3 (see https://www.openssl.org/~bodo/ssl-poodle.pdf and http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566) it is time to switch off this protocol. Unfortunately exim is missing a configuration option for that. For example Apache's mod_ssl provides 'SSLProtocol' - which would also be a good example on how to implement it. -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
