On 19/10/14 00:49, Cyborg wrote: > Openssl has announced a workaround for sslv3. I'm not sure about what it > does, but maybe you don't need to change exim's config at all.
The update to OpenSSL has enabled TLS_FALLBACK_SCSV protocol extension which prevents MITM attackers from being able to force a protocol downgrade. Both the client and the server must be upgraded to support this protocol for it to be of any use. You're still better off disabling SSLv3 since the udpate only helps servers which have been upgraded, and run OpenSSL. Other implementations may not support the extension. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
