Using cyrus-imapd-2.2.12-9.RHEL4.i386 and cyrus-sasl-2.1.19-14.i386,
trying to disable sslV2 to satisfy silly PCI (Purchase Card Industry)
requirements yet keep ports 993 and 995 open. Tried 37 different
variations of tls_cipher_list includin draconian tls_cipher_list: -ALL:
+HIGH:-SSLv2m yet
openssl s_client -ssl2 -connect localhost:993
Still yields
SSL handshake has read 987 bytes and written 239 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
SSL-Session:
Protocol : SSLv2
Cipher : DES-CBC3-MD5
I beginning to think it can't be done.\?
-----------------
So I try to rebuild imapd from most current sources. Thinking about --
but haven't yet -- hacking tls.c . Builds just fine, but now
openssl s_client -ssl2 -connect localhost:993
yields
CONNECTED(00000003)
write:errno=104
WHy for?
--------------------
I would consider switching to courier, but I have no desire to convert
all my users' mailbox formats...
-----------------------------------------------------------------------
| Wesley Alan Wright <mailto:Wesley.Wright@xxxxxxx> |
| Academic Computing Services __0__ |
| Room 407 Lafayette Building / \ | \ |
| University of Vermont \77 |
| Burlington, Vermont 05405-0160 USA. \\ http://www.uvm.edu/skivt-l |
| Voice:802-656-1254 FAX:802-???-???? vv |
| aim:goim?screenname=maddogskideath http://www.uvm.edu/~waw/ |
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
