Emiliano,

Thx very much for this.

Are some of those ciphers not weak and perhaps should be removed? Anything RC2 or RC4 based? Maybe anything RSA?

Thx for any insight!

Helmut


From: Emiliano Lima [mailto:[email protected]] 
Sent: Friday, March 04, 2016 6:52 AM
To: [email protected]; [email protected]
Subject: Re: [qmailtoaster] Drown attack

 

Just add the same line as below...


 cat  /var/qmail/control/tlsserverciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-RC4-MD5:EXP-RC4-MD5

ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM

 

2016-03-04 11:27 GMT-03:00 Eric <[email protected]>:

Thanks Emiliano,

I have the following in tlsserverciphers, should I remove them and add your 
line or just add your line?

DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-RC4-MD5:EXP-RC4-MD5

Eric

On 3/4/2016 5:11 AM, Emiliano Lima wrote:

Hi,

The following is the solution.
Update the openssl package:

yum update openssl  (y)
In the file tlsserverciphers

/var/qmail/control/tlsserverciphers

Include the following command:

ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM

[ PicaLO_p0:root ] qmailctl cdb
Reloaded /etc/tcprules.d/tcp.smtp
Reloaded /var/qmail/control/badmimetypes.cdb
Reloaded /var/qmail/control/badloadertypes.cdb
Reloaded /var/qmail/control/simversions.cdb
Reloaded /var/qmail/control/simcontrol.cdb
[ Space_p0:root ] qmailctl restart
Restarting qmail:
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.
[ Space_p0:root ]



 

2016-03-03 20:29 GMT-03:00 Helmut Fritz <[email protected]>:

I too am wondering the same thing.  It is not easy to tell with the somewhat
obscure functioning of openssl and tls with smtp, imap, and pop.  At least I
am not sure I get how it all works!


-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, March 01, 2016 11:34 AM
To: [email protected]
Subject: [qmailtoaster] Drown attack

QMT stock build affected by Drown attack?

see:  https://drownattack.com/

- Fabe S.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
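
An added example (not part of the original thread and not QmailToaster's own tooling): a name-pattern audit of an explicit colon-separated cipher list like the one quoted above, flagging the export-grade, RC2, RC4, single-DES and MD5 entries raised in the thread. The function names and the shortened sample list are constructed for illustration; selector keywords such as ALL or !EXP are passed through and not evaluated.

```shell
#!/bin/sh
# Added example: flag weak entries in an explicit colon-separated cipher list.
# Matching is by suite name only; selector keywords are passed through untouched.

# Constructed sample: a shortened excerpt of the list quoted in the thread.
SAMPLE='DHE-RSA-AES256-SHA:AES256-SHA:DES-CBC3-SHA:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:DES-CBC-SHA:EXP-RC4-MD5:AES128-SHA'

# classify NAME: print why a suite name is flagged, or "not-flagged"/"keyword".
classify() {
    case "$1" in
        '!'*|'+'*|'-'*|ALL|HIGH|MEDIUM|LOW|DEFAULT) echo keyword ;;
        EXP-*)      echo export-grade ;;
        *RC4*)      echo RC4 ;;
        *RC2*)      echo RC2 ;;
        *DES-CBC-*) echo single-DES ;;   # DES-CBC3 (3DES) does not match this
        *-MD5)      echo MD5-MAC ;;
        *)          echo not-flagged ;;
    esac
}

# audit LIST: one "NAME<TAB>REASON" line per distinct flagged entry.
audit() {
    printf '%s\n' "$1" | tr ':' '\n' | sort -u | while IFS= read -r name; do
        [ -n "$name" ] || continue
        reason=$(classify "$name")
        case "$reason" in
            not-flagged|keyword) ;;
            *) printf '%s\t%s\n' "$name" "$reason" ;;
        esac
    done
}

# strip_weak LIST: the same list, original order, with flagged entries removed.
# Runs in a subshell so the IFS and noglob changes stay local.
strip_weak() (
    IFS=:; set -f; out=
    for name in $1; do
        [ -n "$name" ] || continue
        case "$(classify "$name")" in
            not-flagged|keyword) out="${out:+$out:}$name" ;;
        esac
    done
    printf '%s\n' "$out"
)

audit "$SAMPLE"
strip_weak "$SAMPLE"
```

Compare the output of `strip_weak` against what the server actually offers before writing it back to the control file; name matching alone does not tell you which protocol versions remain enabled.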