Poodle and Kolab

Enrico Tagliavini enrico.tagliavini at gmail.com
Mon Oct 20 18:06:45 CEST 2014


Agreed, best choice is something like Apache HTTPD md_ssl where you
can select the protocol like so:

SSLProtocol All -SSLv2 -SSLv3

To disable older SSL protocols and keep everything else enabled.

On 20 October 2014 10:43, hede <kolab983 at der-he.de> wrote:
> Am Mon, 20 Oct 2014 10:28:00 +0200 schrieb hede <kolab983 at der-he.de>:
>
>> There's some patch at the cyrus mailinglist from Kristian, which addresses this:
>> http://comments.gmane.org/gmane.mail.imap.cyrus/38161
>
> btw: I don't think an option like tls_tlsonly is a clever idea. What happens if TLSv1.1 turns out to be a bad idea? Adding a new option like tls_tls1.2only?
>
> I would prefer a different approach: an option for a minimum version.
> tls_min: 0 (allows SSLv3 and TLSv1 and up)
> tls_min: 1 (allows TLSv1 and up)
> tls_min: 1.1 (allows TLSv1.1 and up)
> ... tbc
>
> regards
> hede
>
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users


More information about the users mailing list