Hi,

On Tue, Mar 25, 2014 at 2:27 AM, Eric Shubert <e...@shubes.net> wrote:
> It came to my attention recently that the ciphers used by the stock QMT
> aren't as secure as they might be. In fact, QMT was simply using all
> available ciphers in no particular priority.
>
> The general intention of QMT is to be as secure as reasonably possible in
> the stock configuration, and if security is too tight for someone, they can
> deliberately relax the security configuration.
>
> With this in mind, I've modified the soon-to-be-officially-released qmail
> for COS6 to include the following cipher string:
> MEDIUM:HIGH:!SSLv2:!MD5:!RC4:!3DES
> If anyone needs something more lenient, they can adjust their
> tlsserverciphers file accordingly.
>
> For those of you on COS5 (or present COS6 hosts) who want to beef up their
> TLS/SSL security, the following command will do it:
> # openssl ciphers 'MEDIUM:HIGH:!SSLv2:!MD5:!RC4:!3DES' \
> >/var/qmail/control/tlsserverciphers
>

Thanks Eric, much appreciated!

One question: does qmail need to be restarted after issuing the openssl command?

Regards,
Peter
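An added example, not part of the original thread: a shell function that checks a cipher list file such as /var/qmail/control/tlsserverciphers for the MD5, RC4 and 3DES suites that the cipher string above excludes. The function name `audit_ciphers` and the sample list are constructed for illustration; matching is done on OpenSSL cipher names, where 3DES suites contain `DES-CBC3`.

```shell
#!/bin/sh
# Added example, not from the thread or from QMT.
# audit_ciphers FILE
#   FILE holds a colon-separated OpenSSL cipher list, the format that
#   `openssl ciphers` prints. Prints every cipher name that uses MD5, RC4
#   or 3DES. Returns 0 if none are present, 1 if any are, 2 if FILE is
#   missing or empty.
audit_ciphers() {
    file=$1
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    # One cipher name per line; drop stray whitespace and carriage returns.
    weak=$(tr ':' '\n' < "$file" | tr -d ' \t\r' |
           grep -E '(^|-)(RC4|MD5)(-|$)|DES-CBC3' || true)
    if [ -n "$weak" ]; then
        echo "$weak"
        return 1
    fi
    return 0
}

# Constructed sample list (not taken from a real host), to show the output.
sample=$(mktemp)
printf 'AES256-SHA:RC4-SHA:DES-CBC3-SHA:AES128-SHA\n' > "$sample"
audit_ciphers "$sample" || echo "weak ciphers listed above"
rm -f "$sample"
```

On a real host, pass the control file instead of the sample: `audit_ciphers /var/qmail/control/tlsserverciphers`.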