On 2014-10-18 Jeremy Harris <[email protected]> wrote: > On 16/10/14 00:49, Phil Pennock wrote: >> Looks like the GnuTLS Priority String to use is: >> NORMAL:%LATEST_RECORD_VERSION:-VERS-SSL3.0 > >> Set this as the value of `tls_require_ciphers`, both main section and on SMTP >> transports.
> Would there be support for the next Exim release version have these > options (and the OpenSSL one) set by default to disable ssl3 ? Hello, afaui POODLE should not be a reason to to disable SSL3 /for/ /SMTP/ - <[email protected]> sounded convincing to me. Also I wonder whether exim shouldn't use the TLS library's sane default values (I do not know about OpenSSL but GnuTLS default priorities are supposed to be sane. :-) Somehow related: GnuTLS will probably drop SSL 3.0 from the default priority strings. http://mid.gmane.org/CAJU7zaLCuh%3DsEEtg4MDiN%2B2ZuyoyDoEVCeQ9CCtJH%2B1uVEwL5w%40mail.gmail.com cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
