Disable SSLv2 ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Using cyrus-imapd-2.2.12-9.RHEL4.i386 and cyrus-sasl-2.1.19-14.i386,  
trying to disable sslV2 to satisfy silly PCI (Purchase Card Industry)  
requirements yet keep ports 993 and 995 open. Tried 37 different  
variations of tls_cipher_list includin draconian tls_cipher_list: -ALL: 
+HIGH:-SSLv2m yet

openssl s_client -ssl2 -connect localhost:993


Still yields

SSL handshake has read 987 bytes and written 239 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5


I beginning to think it can't be done.\?

-----------------

So I try to rebuild imapd from most current sources. Thinking about --  
but haven't yet --  hacking tls.c . Builds just fine, but now

openssl s_client -ssl2 -connect localhost:993

yields

CONNECTED(00000003)
write:errno=104
WHy for?
--------------------
I would consider switching to courier, but I have no desire to convert  
all my users' mailbox formats...


-----------------------------------------------------------------------
| Wesley Alan Wright <mailto:Wesley.Wright@xxxxxxx>                   |
| Academic Computing Services       __0__                             |
| Room 407 Lafayette Building      / \ | \                            |
| University of Vermont              \77                              |
| Burlington, Vermont 05405-0160 USA. \\  http://www.uvm.edu/skivt-l  |
| Voice:802-656-1254 FAX:802-???-????  vv                             |
| aim:goim?screenname=maddogskideath      http://www.uvm.edu/~waw/    |



----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux