On Mon, Oct 01, 2007 at 03:23:07PM -0700, Rick King wrote:

> Hello List!
>
> I have a client that is using openssl version, 0.9.7a
> Feb 19 2003. Recently, he ran a security audit on his
> machine, and the report came back stating the
> following:
>
> Vulnerability -- imaps (993/tcp) - 21643 Synopsis
> : The remote service supports the use of weak SSL
> ciphers
>
> Vulnerability -- pop3s (995/tcp) - 21643 Synopsis
> : The remote service supports the use of weak SSL
> ciphers

All fine and good, but are all the IMAP clients you need to support SSLv3/TLSv1 capable? If so, you can typically configure the IMAP server cipherlist to exclude SSLv2.

    DEFAULT:!SSLv2

Some products also let you choose the list of supported protocols (SSLv2, SSLv3 or TLSv1), but this is less common.

-- 
	Viktor.
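
As an added example (not part of the message above and not OpenSSL code), the Python below parses a listing in the `openssl ciphers -v` column layout and reports which suites would still be flagged as weak once SSLv2 suites are excluded. The sample listing, the 128-bit threshold and the function names are assumptions made for this example.

```python
import re

# Constructed sample in the column layout of `openssl ciphers -v`;
# not output captured from the server discussed in this thread.
SAMPLE = """\
DHE-RSA-AES256-SHA  SSLv3 Kx=DH       Au=RSA Enc=AES(256)  Mac=SHA1
RC4-MD5             SSLv3 Kx=RSA      Au=RSA Enc=RC4(128)  Mac=MD5
DES-CBC3-MD5        SSLv2 Kx=RSA      Au=RSA Enc=3DES(168) Mac=MD5
DES-CBC-SHA         SSLv3 Kx=RSA      Au=RSA Enc=DES(56)   Mac=SHA1
EXP-RC4-MD5         SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)   Mac=MD5 export
EXP-RC2-CBC-MD5     SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40)   Mac=MD5 export
"""

MIN_BITS = 128  # assumed threshold for "weak"; use your scanner's own policy

def parse_ciphers(text):
    """Turn `openssl ciphers -v` style lines into dicts."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # blank or malformed line
        enc = next((p[4:] for p in parts[2:] if p.startswith("Enc=")), "")
        m = re.search(r"\((\d+)\)$", enc)
        entries.append({"name": parts[0], "protocol": parts[1],
                        "bits": int(m.group(1)) if m else 0,  # Enc=None: no key
                        "export": "export" in parts[2:]})
    return entries

def reasons(entry, min_bits=MIN_BITS):
    """Return the reasons an entry would be reported, empty if none."""
    found = []
    if entry["protocol"] == "SSLv2":
        found.append("SSLv2 suite")
    if entry["export"]:
        found.append("export grade")
    if entry["bits"] < min_bits:
        found.append("%d-bit key" % entry["bits"])
    return found

def audit(entries, exclude_protocols=()):
    """Flag weak entries, optionally after dropping whole protocols."""
    kept = [e for e in entries if e["protocol"] not in exclude_protocols]
    return [(e["name"], e["protocol"], reasons(e)) for e in kept if reasons(e)]

if __name__ == "__main__":
    for row in audit(parse_ciphers(SAMPLE), exclude_protocols=("SSLv2",)):
        print(row)
```

Passing the real output of `openssl ciphers -v 'DEFAULT:!SSLv2'` from the server's own OpenSSL build to `parse_ciphers` shows what the configured string expands to on that machine.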