On 04/02/16 21:24, Marco Ocisp wrote:
> Hi, I am using the Webuzo panel, which is running Exim 4.72, which seems to be
> vulnerable to the POODLE attack and SSL 3.
> I cannot update Exim from SSH because it will be incompatible with the panel, so
> I must wait for a fix from the panel staff, who are taking a very long time and have
> issues integrating Exim.
> In my exim.conf I have
> tls_require_ciphers = HIGH:MEDIUM:+TLSv1.2:!SSLv2
> If I add :!SSLv3,
> save and restart, outgoing email from Thunderbird and smartphone does not work. If I
> remove the final :!SSLv3 it works, but there is the vulnerability.
> If I just disable SSLv3 this is ignored, as it seems in Exim 4.72 I can't disable
> SSL 3.
> While I wait for a fix from Softaculous, can I do something to fix the issue
> of SSL 3 and the POODLE attack?
> I am on CentOS.
> Thanks.

There might not be a concern on this front. POODLE is a web-based attack and is
most likely not viable on email protocols. There was an announcement regarding
this back in Oct 2014:

https://lists.exim.org/lurker/message/20141017.093614.e5c38176.en.html

I agree with Jeremy though - there should be a more up to date hosting provider
out there.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
