On Sun, 25 Jul 2010, Robert Spier wrote: > Applied: 3a7f46aa3e75988686ef9fcae5158fc29f6a86f6
This doesn't seem to be in either of these repos: http://git.develooper.com/qpsmtpd.git http://github.com/abh/qpsmtpd/ Where should I be looking? Thanks. > Matt Simerson wrote: > > > > switched default TLS security in config/tls_ciphers from HIGH to > > HIGH:!SSLv2. Added note for how to set the minimum level of security > > necessary for PCI compliance. > > --- > > config.sample/tls_ciphers | 8 +++++++- > > 1 files changed, 7 insertions(+), 1 deletions(-) > > > > diff --git a/config.sample/tls_ciphers b/config.sample/tls_ciphers > > index e889731..7bb0204 100644 > > --- a/config.sample/tls_ciphers > > +++ b/config.sample/tls_ciphers > > @@ -1,4 +1,10 @@ > > # Override default security using suitable string from available ciphers > > at > > # L<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS> > > # See plugins/tls for details. > > -HIGH > > +# > > +# HIGH is a reasonable default that should satisfy most installations > > +HIGH:!SSLv2 > > +# > > +# if you have legacy clients that require less secure connections, > > +# consider using this less secure, but PCI compliant setting: > > +#DEFAULT:!ADH:!LOW:!EXP:!SSLv2:+HIGH:+MEDIUM > > -- > > 1.7.1.1 > > >
