Hi-- On Oct 12, 2011, at 8:29 AM, Dean E. Weimer wrote: > I know that setting this option in Apache does the trick for HTTPS, I just > need to figure out how to tell Sendmail to do the same. > SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:RC4+RSA:+HIGH:+MEDIUM:!SSLv2 > > If anyone has any idea how to do this, or any idea on what keywords to search > on that might find me the directions it would be a great help.
If you can't find a way of specifying the allowed SSL ciphers via sendmail config (as someone mentioned, you can test ${cipher_bits} against ENCR:bits, but that doesn't disable anonymous ciphers like ADH entirely), you can build a modern flavor of OpenSSL to /usr/local with the ciphers you don't like disabled, and rebuild sendmail against this OpenSSL. I believe that the security/openssl already does most of this for you, and would be easy to tweak a bit more if that's needed. Regards, -- -Chuck _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"