On 10/21/2014 11:40 AM, Quinn Comendant wrote:
On Tue, 21 Oct 2014 23:27:35 +0545, Quinn Comendant wrote:
On Fri, 17 Oct 2014 10:52:12 +0300, Catalin Leanca wrote:
But how about SMTP ? How to disable SSLv3 over 587 submission port ?
Here's a comprehensive list of how to disable SSLv3 in everything *except*
qmail:
http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
Perhaps if anybody does discover how they can update this answer.
Q
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
I haven't researched this poodle thing thoroughly, but have learned that
TLS isn't affected. That's not all bad, as TLS should be preferred anywise.
In order to disable SSL in dovecot, you could either block the SSL ports
(993, 995) in the firewall, or change /etc/dovecot/toaster.conf file by
adding :!SSLv3 to the list of ciphers:
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:DES-CBC3-SHA
While SSLv3 is technically not a cipher, this tells dovecot to not use
any ciphers which use SSLv3. Of course, having port 993 open if there's
no SSL being used is pointless.
There's no real need to disable SSLv3, because it cannot be used on port
587, only TLS can, and TLS is ok. If you're using smtps on port 465, you
might want to discontinue doing that.
BL, TLS should be used for everything. Unfortunately, some older email
clients (Outlook'03 comes to mind) can't use TLS.
Thanks.
--
-Eric 'shubes'
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]