Hi,

We're rolling out spamdyke across our Qmail servers, and for PCI compliance we need to ensure that no low/weak ciphers are being used for TLS/SSL communication. I noticed spamdyke doesn't have a way to configure the available ciphers, so I've built it in.

Patch attached will apply against 1.4.10 and introduces a new configuration option "tls-cipher-list", which will default to "DEFAULT". A list of supported ciphers can be found by running `openssl ciphers`, and it's just a matter of specifying the allowable ciphers as you would in a TLS patched Qmail:

tls-cipher-list=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:-MEDIUM

Would love to see this pushed back to spamdyke, as I'm sure it's something a lot of people would have a good use for.

Regards,
Chris Boulton
Lead Engineer
BigCommerce / Interspire
Email: [email protected]
Web: http://www.bigcommerce.com
Web: http://www.interspire.com
Australia: +61 2 9262 7770
USA: 1800 939 5570
spamdyke-tls-ciphers.diff
Description: Binary data
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
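Added example (not part of the original message or the attached patch): a way to check what a cipher string expands to before putting it in `tls-cipher-list`, by filtering `openssl ciphers -v` output for the classes the message excludes (anonymous, null, export, low-bit). The function names `audit_ciphers` and `sample_output` are hypothetical, and the sample lines are constructed in the format `openssl ciphers -v` prints.

```shell
#!/bin/sh
# Added example. Real use against the local OpenSSL build:
#   openssl ciphers -v 'ALL:!aNULL:!eNULL:!LOW:!EXP' | audit_ciphers

# Reads `openssl ciphers -v` output on stdin and prints one line per suite
# that has no authentication, no encryption, the export flag, or a symmetric
# key shorter than $1 bits (default 128). Exit status is 1 if any suite was
# flagged, 0 otherwise, so it can gate a config deployment.
audit_ciphers() {
    awk -v min="${1:-128}" '
    {
        reason = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "Au=None")  reason = reason " anonymous-auth"
            if ($i == "Enc=None") reason = reason " null-encryption"
            if ($i == "export")   reason = reason " export-grade"
            if ($i ~ /^Enc=.*\([0-9]+\)$/) {
                bits = $i
                sub(/^.*\(/, "", bits)   # strip "Enc=NAME("
                sub(/\)$/, "", bits)     # strip trailing ")"
                if (bits + 0 < min) reason = reason " " bits "-bit"
            }
        }
        if (reason != "") { print $1 ":" reason; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Constructed sample of `openssl ciphers -v` output (not captured from a host).
sample_output() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EOF
}

# Stand-alone run: audit the constructed sample and list the flagged suites.
sample_output | audit_ciphers || true
```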
