On Thu, 16 Apr 2015, Paul Heinlein wrote:
On Thu, 16 Apr 2015, Andrew Daviel wrote:
RedHat released sendmail-8.13.8-10.el5_11.src.rpm which includes
sendmail-8.13.8-ssl-opts.patch which adds support for disabling SSLv3 and
SSLv2 in sendmail.cf
But as far as I can see there is no support in sendmail.mc - I can't see
how to compile sendmail.mc to get the required line ServerSSLOptions in
sendmail.cf
Does anyone know how to do this ?
At the end of sendmail.mc, after the MAILER macros, add a LOCAL_CONFIG, e.g,,
LOCAL_CONFIG
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3
O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3
+SSL_OP_CIPHER_SERVER_PREFERENCE
Thanks. That was too obvious; I should have read more documentation. The
generic advisory said to add those lines to the LOCAL_CONFIG section of my
sendmail.mc, but I didn't have a LOCAL_CONFIG section, so I assumed it
was referring to a newer version of sendmail.
Meanwhile, I made a patch for sendmail-cf and sendmail-doc back-ported
from sendmail-8.15.1, if anyone's interested.
Andrew
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
