Re: Mitigating DROWN

2016-03-11 Thread John A @ KLaM
Thanks, I will keep 3DES for now. My dentist does not have to worry; it was a transcription error.

Re: Mitigating DROWN

2016-03-11 Thread Viktor Dukhovni
On Fri, Mar 11, 2016 at 10:27:17AM -0500, John A @ KLaM wrote:
> As a result of following various - how tos, warnings, notices etc., I
> currently exclude from both smtp & smtpd
>
> aNULL, DES, 3DES, MD5, RC2, RC4,
> RC5, IDEA, SRP, PSK, aDDS, kECDhe,
> kECDhr, kDHd, kDHr, SEED,

Re: Mitigating DROWN

2016-03-11 Thread John A @ KLaM
As the result of following various - how tos, warnings, notices etc., I currently exclude from both smtp & smtpd "aNULL, DES, 3DES, MD5, RC2, RC4, RC5, IDEA, SRP, PSK, aDDS, kECDhe, kECDhr, kDHd, kDHr, SEED, IDEA, LOW, EXPORT". Is this list reasonable and/or accurate?

Re: Mitigating DROWN

2016-03-10 Thread Viktor Dukhovni
On Thu, Mar 10, 2016 at 04:40:37PM -0600, Blake Hudson wrote:
> >>>smtpd_tls_exclude_ciphers =
> >>>EXPORT, LOW, MD5, SEED, IDEA, RC2
> >>> smtp_tls_exclude_ciphers =
> >>>EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2
> >With opportunistic TLS one should be

Re: Mitigating DROWN

2016-03-10 Thread Blake Hudson
Viktor Dukhovni wrote on 3/10/2016 11:57 AM:
On Thu, Mar 10, 2016 at 05:22:22AM -0700, @lbutlr wrote:
smtpd_tls_exclude_ciphers = EXPORT, LOW, MD5, SEED, IDEA, RC2
smtp_tls_exclude_ciphers = EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2
With opportunis

Re: Mitigating DROWN

2016-03-10 Thread Viktor Dukhovni
On Thu, Mar 10, 2016 at 05:22:22AM -0700, @lbutlr wrote:
> > smtpd_tls_exclude_ciphers =
> >EXPORT, LOW, MD5, SEED, IDEA, RC2
> > smtp_tls_exclude_ciphers =
> >EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2

With opportunistic TLS one should be somewhat cauti

Re: Mitigating DROWN

2016-03-10 Thread Joan Aymà
On 10/03/16 at 13:22, @lbutlr wrote:
> smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4, LOW, EXPORT
> smtp_tls_exclude_ciphers = MD5, aDSS, SRP, PSK, aECDH, aDH, SEED, IDEA, RC2,
> RC5

I have set this on my postfix:

smtp_tls_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL, SE

Re: Mitigating DROWN

2016-03-10 Thread @lbutlr
On Tue Mar 01 2016 10:16:51 Viktor Dukhovni said:
> > smtpd_tls_exclude_ciphers =
> >EXPORT, LOW, MD5, SEED, IDEA, RC2
> smtp_tls_exclude_ciphers =
> >EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2

I have

smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5

Re: Mitigating DROWN

2016-03-09 Thread Marc Patermann
On 03.03.2016 at 19:29 Viktor Dukhovni wrote:
Postfix 2.6 and later, with the recommended settings is sufficient, but it is recommended that you also deploy OpenSSL 1.0.1s or 1.0.2g, or your O/S vendor's "equivalent" update. It is sadly common to selectively backport fixes without changing

Re: Mitigating DROWN

2016-03-03 Thread Viktor Dukhovni
On Thu, Mar 03, 2016 at 05:14:30PM +0100, Marc Patermann wrote:
> On 01.03.2016 at 18:16 Viktor Dukhovni wrote:
>
> >Some of the servers that expose TLS to cross-protocol DROWN attacks
> >via SSLv2 are MTAs running Postfix. If you're using an older
> >Postfix release (released prior to July

Re: Mitigating DROWN

2016-03-03 Thread Viktor Dukhovni
On Thu, Mar 03, 2016 at 09:03:55AM -0600, Blake Hudson wrote:
> Viktor Dukhovni wrote on 3/1/2016 11:16 AM:
> ># Suggested, not strictly needed:
> >#
> >smtpd_tls_exclude_ciphers =
> > EXPORT, LOW, MD5, SEED, IDEA, RC2
> >smtp_tls_exclude_ciphers =
> > EXPORT, LOW,

Re: Mitigating DROWN

2016-03-03 Thread Marc Patermann
Viktor,

On 01.03.2016 at 18:16 Viktor Dukhovni wrote:
Some of the servers that expose TLS to cross-protocol DROWN attacks via SSLv2 are MTAs running Postfix. If you're using an older Postfix release (released prior to July 20 2015), or you've explicitly configured TLS settings that may ha

Re: Mitigating DROWN

2016-03-03 Thread John Allen
Is the following reasonable and/or acceptable, and a better question - will it work?

smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
smtp_tls_ciphers = medium
smtp_tls_exclude_ciphers = EXPORT, LOW, IDEA, 3DES, MD5, SRP, PSK, aDSS, kECDHe, kECDhr, kDHd, kDHr, SEED, IDEA, RC2, RC5

Re: Mitigating DROWN

2016-03-03 Thread Blake Hudson
Viktor Dukhovni wrote on 3/1/2016 11:16 AM:
# Suggested, not strictly needed:
#
smtpd_tls_exclude_ciphers = EXPORT, LOW, MD5, SEED, IDEA, RC2
smtp_tls_exclude_ciphers = EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2

I noticed your exclude

Re: Mitigating DROWN

2016-03-02 Thread Viktor Dukhovni
On Wed, Mar 02, 2016 at 10:22:12PM -0700, Richard B. Pyne wrote:
> I've added all but the forward secrecy part on my email server running
> postfix 2.10.1 (the latest in the CentOS7 repository), and
> test.drownattack.com still reports vulnerability on port 25. Any help will
> be greatly appreciat

Re: Mitigating DROWN

2016-03-02 Thread Richard B. Pyne
I've added all but the forward secrecy part on my email server running postfix 2.10.1 (the latest in the CentOS7 repository), and test.drownattack.com still reports vulnerability on port 25. Any help will be greatly appreciated.

postconf -nf
alias_database = hash:/etc/aliases
alias_maps = has

Mitigating DROWN

2016-03-01 Thread Viktor Dukhovni
Some of the servers that expose TLS to cross-protocol DROWN attacks via SSLv2 are MTAs running Postfix. If you're using an older Postfix release (released prior to July 20 2015), or you've explicitly configured TLS settings that may have enabled SSLv2, please update your configuration as suggeste