Hi--

On Oct 12, 2011, at 8:29 AM, Dean E. Weimer wrote:
> I know that setting this option in Apache does the trick for HTTPS, I just 
> need to figure out how to tell Sendmail to do the same.
> SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:RC4+RSA:+HIGH:+MEDIUM:!SSLv2
> 
> If anyone has any idea how to do this, or any idea on what keywords to search 
> on that might find me the directions it would be a great help.

If you can't find a way of specifying the allowed SSL ciphers via sendmail 
config (as someone mentioned, you can test ${cipher_bits} against ENCR:bits, 
but that doesn't disable anonymous ciphers like ADH entirely), you can build a 
modern flavor of OpenSSL to /usr/local with the ciphers you don't like 
disabled, and rebuild sendmail against this OpenSSL.

I believe that the security/openssl already does most of this for you, and 
would be easy to tweak a bit more if that's needed.

Regards,
-- 
-Chuck

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
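
The gap noted in the reply above, that a key-length test does not reject anonymous ciphers such as ADH, shown as an added example that is not part of the original message. The cipher lines are a constructed sample in the layout printed by `openssl ciphers -v`, the function names are hypothetical, and the `Enc=...(N)` bit count is assumed to stand in for the value sendmail exposes as `${cipher_bits}`.

```shell
#!/bin/sh
# Constructed sample, in the column layout printed by `openssl ciphers -v`.
sample_ciphers() {
cat <<'EOF'
ADH-AES256-SHA   SSLv3 Kx=DH      Au=None Enc=AES(256) Mac=SHA1
AES256-SHA       SSLv3 Kx=RSA     Au=RSA  Enc=AES(256) Mac=SHA1
RC4-SHA          SSLv3 Kx=RSA     Au=RSA  Enc=RC4(128) Mac=SHA1
DES-CBC-SHA      SSLv3 Kx=RSA     Au=RSA  Enc=DES(56)  Mac=SHA1
EXP-ADH-RC4-MD5  SSLv3 Kx=DH(512) Au=None Enc=RC4(40)  Mac=MD5 export
EOF
}

# Emit "name auth bits" for each cipher line read from stdin.
parse_ciphers() {
  awk '{
    auth = "?"; bits = 0
    for (i = 2; i <= NF; i++) {
      if ($i ~ /^Au=/) auth = substr($i, 4)
      if ($i ~ /^Enc=.*\(/) {          # Enc=None (eNULL) carries no bit count
        bits = $i
        sub(/^[^(]*\(/, "", bits); sub(/\).*$/, "", bits)
      }
    }
    print $1, auth, bits + 0
  }'
}

# Names that a bits-only policy (at least $1 bits) would accept.
bits_only_accepts() {
  parse_ciphers | awk -v min="$1" '$3 >= min { print $1 }'
}

# Anonymous (Au=None) ciphers that still satisfy the bits-only policy.
anon_passing_bits() {
  parse_ciphers | awk -v min="$1" '$2 == "None" && $3 >= min { print $1 }'
}

echo "accepted by a 128-bit test:"; sample_ciphers | bits_only_accepts 128
echo "of those, anonymous:";        sample_ciphers | anon_passing_bits 128
```

To audit a real build, pipe `openssl ciphers -v 'CIPHERSTRING'` from the OpenSSL that sendmail is linked against into `anon_passing_bits` in place of the sample.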
