That's a nicely done patch, I wish I had seen it sooner.
Only suggestion I have would be to make the default protocols & ciphers stronger
given the current known SSL vulnerabilities.
EG:
sslProtocols = cpystr("ALL -SSLv2 -SSLv3"); /* default protocols */
sslCipherList = cpystr("ALL:!SSLv2:!ADH:!EXP:!LOW:!MD5:@STRENGTH"); /* default cipher list */
A few years ago I'd done something almost the same (creating config file
parameter parser & matching "GET_name", "SET_name" functions) with a 'place
holder' for the DH parameter file but no actual SSL code for it.
This evening I threw together the actual DH parameter implementation.
Do you have any interest in merging it?
Dave
On Thu, 6 Apr 2017, Dan Lukes wrote:
Neal Horman wrote:
I have already applied the "ssl cipher and protocol options patch" from
http://www.freebsd.cz/~dan/patch-DAN-SETSSLCIPHER to my panda fork at
I'm the author of that patch.
It implements the
set ssl-cipher-list
set ssl-protocols
options (with same syntax as Apache's directives).
Note I updated the patch in question to support TLSv1.1 and TLSv1.2 as well,
so if you use it you may want to consider updating.
I have a plan to add set dh-parameters, referring to the file with DH Group data,
but it's not completed yet.
Dan
Erik Kangas, Ph.D. wrote:
> Has anyone found a way to get the Diffie Hellman TLS v1.2 ciphers (e.g.
> DHE-RSA-AES256-GCM-SHA384) to work with UW IMAP / Panda IMAP?
_______________________________________________
Imap-uw mailing list
Imap-uw@u.washington.edu
http://mailman13.u.washington.edu/mailman/listinfo/imap-uw
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
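
An added example, not part of the thread above and not code from the patch or from Panda/UW IMAP: Python's ssl module hands a cipher string to the local OpenSSL cipher-list parser, so it can show which suites the default suggested above selects on a given build, including whether any authenticated DHE suites (the kind asked about in the thread) are in the list. The function names and SAMPLE are assumptions made for this example; SAMPLE is constructed data.

```python
import ssl

# Cipher string suggested in the thread above.
PAGE_CIPHERS = "ALL:!SSLv2:!ADH:!EXP:!LOW:!MD5:@STRENGTH"

# Constructed records in the shape returned by SSLContext.get_ciphers().
SAMPLE = [
    {"name": "DHE-RSA-AES256-GCM-SHA384", "kea": "kx-dhe",
     "auth": "auth-rsa", "digest": None, "strength_bits": 256},
    {"name": "ADH-AES256-GCM-SHA384", "kea": "kx-dhe",
     "auth": "auth-null", "digest": None, "strength_bits": 256},
    {"name": "RC4-MD5", "kea": "kx-rsa",
     "auth": "auth-rsa", "digest": "md5", "strength_bits": 128},
    {"name": "DES-CBC-SHA", "kea": "kx-rsa",
     "auth": "auth-rsa", "digest": "sha1", "strength_bits": 56},
]


def expand(cipher_string):
    """Return the suites the local OpenSSL build selects for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def audit(suites):
    """Group suite names by the properties the cipher string is meant to control."""
    report = {"dhe": [], "anonymous": [], "md5": [], "below_128_bits": []}
    for s in suites:
        name = s["name"]
        anonymous = s.get("auth") == "auth-null"
        if s.get("kea") == "kx-dhe" and not anonymous:
            report["dhe"].append(name)          # authenticated ephemeral DH
        if anonymous:
            report["anonymous"].append(name)    # no server authentication
        if s.get("digest") == "md5":
            report["md5"].append(name)
        if s.get("strength_bits", 0) < 128:
            report["below_128_bits"].append(name)
    return report


if __name__ == "__main__":
    for category, names in audit(expand(PAGE_CIPHERS)).items():
        print(f"{category}: {len(names)} {names[:5]}")
```

The output depends on the OpenSSL build Python is linked against; any non-empty category other than dhe is worth reviewing before adopting the string as a default.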