On Tue, 7 Jul 2015, Sebastian Hagedorn wrote: > --On 6. Juli 2015 13:38:16 -0700 Andrew Morgan <morgan@xxxxxxxx> wrote: > >> On Mon, 6 Jul 2015, Sebastian Hagedorn wrote: >> >>> --On 6. Juli 2015 14:23:11 +1000 ellie timoney <ellie@xxxxxxxxxxxx> >>> wrote: >>> >>>> Please consult the release notes before upgrading to 2.4.18: >>>> >>>> https://docs.cyrus.foundation/imap/release-notes/2.4-current.html >>> >>> The big one is this: "Disable use of SSLv2/SSLv3" >>> >>> When I look at our log files, I see that there are still several hundred >>> SSLv3 connections per day. I'm worried that not all clients used by our >>> users support TLSv1. One such client appears to be Outlook 2003. Has >>> anybody else (especially in education) already turned off SSLv3? What >>> were your experiences? >> >> I had similar concerns when I was making SSLv3 and cipher changes to my >> LDAP service. I wanted to proactively identify any clients that would be >> affected so we could fix them in advance. >> >> I used tshark to sniff the ciphers for all my incoming connections, but >> you can also get the TLS version used from the output. >> >> I wrote it up in a blog post here: >> >> >> http://blogs.oregonstate.edu/sysadmin/2015/07/01/tracking-ssltls-cipher-u >> sage/ > > Thanks for your reply! Our Cyrus server is still running RHEL 5, and its > tshark binary doesn't yet support the "-2" flag. I see that it's supposed to > "Perform a two-pass analysis", but I'm unclear on why that is useful or even > necessary? I removed the flag for my tests, and at first glance it still > seems to work. FWIW, I had to modify the pattern matching in the Perl script, > because in our instance there are two tabs before the first IP address. I copied the basic tshark parameters from someone else. When I run the capture without -2, the output is slightly different, although it seems to capture the same basic information. It appears the parameters -R, -2, and -Y have been changing between versions. Current versions of tshark have -Y, which applies a display filter. My version (v1.8.10 on Oracle Linux 6) doesn't have -Y though. Andy ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
