Hi everyone,
I managed to disable SSLv3 in /etc/courier/imapd-ssl and /etc/courier/pop3-ssl
Changed TLS_PROTOCOL=SSLv3 to TLS_PROTOCOL=TLS1
But how about SMTP? How to disable SSLv3 over 587 submission port?
Regards,
Catalin L
On 17/10/14 09:34, Nikolay Mitev wrote:
Hi Eric,
Thanks for the tip, we expect the update.
Best regards,
Nikolay
On Thu, Oct 16, 2014 at 11:05 PM, Peter Peltonen <peter.pelto...@gmail.com> wrote:
Hi,
On Thu, Oct 16, 2014 at 1:51 AM, Eric Shubert <e...@shubes.net> wrote:
> In order to disable SSLv3, you need to change your cyphers list in
> /etc/dovecot/toaster.conf file for dovecot, and
> /var/qmail/control/tlsserverciphers for qmail-smtpd.
>
> If you turn off SSLv3, that includes TLS, so you'd better turn off plain and
> login authentication methods as well. Looks like digest-md5 or cram-md5
> would be the only non-plain-text authentication methods available. I imagine
> Dan's loving that. ;)
Regarding this StackExchange information:
http://security.stackexchange.com/questions/70832/why-doesnt-the-tls-protocol-work-without-the-sslv3-ciphersuites
there is no need to disable ciphers, but only SSL v3 protocol (POODLE
is a protocol, not cipher, problem)?
Here you can find software specific instructions for disabling SSL v3,
including Dovecot:
https://linode.com/docs/security/security-patches/disabling-sslv3-for-poodle
I haven't tried these yet as it seems I need to upgrade my Dovecot
installations first to be able to disable sslv3...
Best,
Peter
--
CS Catalin LEANCA
ICI ROTLD - Serviciul Tehnic
Bd. Maresal Averescu 8-10,
Sector 1, Bucuresti
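
For checking the 587 submission port asked about above, here is an added example (not part of the original thread): it issues STARTTLS, offers an SSLv3-only ClientHello, and reports whether the server answers with an SSLv3 ServerHello. The function names and the EHLO name `sslv3-check.invalid` are assumptions made for this illustration.

```python
import socket
import struct

SSL3 = b"\x03\x00"  # protocol version bytes for SSLv3 on the wire

def sslv3_client_hello() -> bytes:
    """Build a minimal ClientHello record that offers SSLv3 and nothing newer."""
    # AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA: suites an SSLv3 stack would know
    ciphers = b"\x00\x2f\x00\x35\x00\x0a\x00\x05"
    body = (SSL3 + bytes(32)                       # client_version, fixed "random"
            + b"\x00"                              # empty session id
            + struct.pack("!H", len(ciphers)) + ciphers
            + b"\x01\x00")                         # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_reply(reply: bytes) -> str:
    """Classify the first bytes the server sent after our ClientHello."""
    if not reply or reply[0] == 0x15:              # closed, or a TLS alert record
        return "refused"
    # handshake record, ServerHello message, server_version == SSLv3
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02 and reply[9:11] == SSL3:
        return "sslv3-accepted"
    return "unexpected"

def read_smtp(f) -> bytes:
    """Return the last line of one SMTP reply, skipping "250-" continuations."""
    line = f.readline()
    while line[3:4] == b"-":
        line = f.readline()
    return line

def probe_submission(host: str, port: int = 587, timeout: float = 10.0) -> str:
    """STARTTLS on the submission port, then offer SSLv3 only."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        read_smtp(f)                               # greeting banner
        s.sendall(b"EHLO sslv3-check.invalid\r\n")
        read_smtp(f)
        s.sendall(b"STARTTLS\r\n")
        if not read_smtp(f).startswith(b"220"):
            return "no-starttls"
        s.sendall(sslv3_client_hello())
        try:
            return classify_reply(f.read1(4096))
        except OSError:                            # reset or timeout: no ServerHello
            return "refused"

if __name__ == "__main__":
    import sys
    print(probe_submission(sys.argv[1]))
```

A result of `refused` after the configuration change means the SSLv3 handshake no longer completes on that port; `sslv3-accepted` means the server still negotiates it.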