On Sat, Jun 21, 2014 at 01:11:04PM +0200, Stefan Foerster wrote:

> During a security audit, it was determined that the MX supported what
> the auditors called "weak" ciphers and protocols (SSLv3, TLSv1.0,
> RC4-MD5, anonymous ciphers and so on). The auditors demanded that we
> disable all those - not considering the fact that our Postfix _did_
> assign a higher priority to "more secure" ciphers.
>
> Not surprisingly, a lot of sending systems fell back to plain text
> after we pushed the change to production.

At my previous employer a clueless checklist zombie auditor tried to pull the same trick. Though it took much spine, the postmaster who succeeded me managed to convince management that the auditor was wrong, and no settings were changed.

-- 
Viktor.