Victor writes:


On Oct/17/14 2:10, Sam Varshavchik wrote:
> Oliver Mihatsch writes:
>
>> Behaviour when using the following variable (added !, added TLSv1_1):
>> TLS_CIPHER_LIST="!SSLv3:TLSv1:TLSv1_1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:! aNULL@STRENGTH"
>>
>>
>> SSLv3 working, TLS 1.0 working, TLS 1.1 working, TLS 1.2 working (no
>> changes to before)
>>
>>
>> So results were not really what I was expecting. SSLv3 and TLS1/1.1
>> are somehow just an alias for each other.
>
> This weirdness is entirely OpenSSL's doing. This setting is passed
> directly to OpenSSL, with no further interpretation.
>
> Someone else already dug up the code change necessary to disable
> SSLv3. It appears that a small code change is required.
>
There was a patch released for OpenSSL recently which included
TLS_FALLBACK_SCSV support. Isn't upgrading enough in this case? Or is
there still a need to reconfigure imapd?

That depends on how it got implemented in OpenSSL. If it's a discrete option that an application must set, it obviously needs to be a code change.

If it's enabled by default, and there are no resulting ABI changes, no recompilation is necessary.

If it's enabled by default, and there are ABI changes, just a recompilation is needed.

