Re: Disable SSLv2 ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Wesley Alan Wright wrote:
> Using cyrus-imapd-2.2.12-9.RHEL4.i386 and cyrus-sasl-2.1.19-14.i386,  
> trying to disable sslV2 to satisfy silly PCI (Purchase Card Industry)  
> requirements yet keep ports 993 and 995 open. Tried 37 different  
> variations of tls_cipher_list includin draconian tls_cipher_list: -ALL: 
> +HIGH:-SSLv2m yet
> 
> openssl s_client -ssl2 -connect localhost:993
> 
> 
> Still yields
> 
> SSL handshake has read 987 bytes and written 239 bytes
> ---
> New, SSLv2, Cipher is DES-CBC3-MD5
> Server public key is 1024 bit
> SSL-Session:
>     Protocol  : SSLv2
>     Cipher    : DES-CBC3-MD5
> 
> 
> I beginning to think it can't be done.\?

I've used this in the past and it works just fine:

tls_cipher_list: DEFAULT:!SSLv2:!LOW:!EXPORT



-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux