On Mon, 6 Jul 2015, Sebastian Hagedorn wrote: > --On 6. Juli 2015 14:23:11 +1000 ellie timoney <ellie@xxxxxxxxxxxx> wrote: > >> Please consult the release notes before upgrading to 2.4.18: >> >> https://docs.cyrus.foundation/imap/release-notes/2.4-current.html > > The big one is this: "Disable use of SSLv2/SSLv3" > > When I look at our log files, I see that there are still several hundred > SSLv3 connections per day. I'm worried that not all clients used by our users > support TLSv1. One such client appears to be Outlook 2003. Has anybody else > (especially in education) already turned off SSLv3? What were your > experiences? I had similar concerns when I was making SSLv3 and cipher changes to my LDAP service. I wanted to proactively identify any clients that would be affected so we could fix them in advance. I used tshark to sniff the ciphers for all my incoming connections, but you can also get the TLS version used from the output. I wrote it up in a blog post here: http://blogs.oregonstate.edu/sysadmin/2015/07/01/tracking-ssltls-cipher-usage/ NOTE: This does not require access to your private key because there is no decryption of data. Andy ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
