Hello,

as of today a new exploit against SSL has been revealed which is a protocol weakness of ancient SSLv3. The common advice is to disable SSLv3, so the question is how to do this with Cyrus without doing too much damage.

The first idea is of course to do something like

tls_cipher_list: ALL:-SSLv3:-SSLv2

in imapd.conf. But I wonder if this is the correct fix because our default from Ubuntu 12.04 looks like this:

tls_cipher_list: TLSv1+HIGH:!aNull:@STRENGTH

Any comments on how to safely disable SSLv3?

Regards
Andreas
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus