2015-03-26 19:00 keltezéssel, Joris írta:
SSLEngine on
SSLCertificateFile /data/certificates/internal/mail.xxx.com.pem
SSLCertificateKeyFile
/data/certificates/internal/mail.xxx.com.key
SSLCACertificateFile
/data/certificates/external/PositiveSSL-bundle.ca-bundle
# POODLE ATTACK
SSLProtocol All -SSLv2 -SSLv3
Just for the security:
I think the default Apache ciphers settings are too weak. So, I suggest
this setting (for all list member):
SSLCipherSuite \
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
Peti
--
users@sogo.nu
https://inverse.ca/sogo/lists