Poodle and Kolab
dsp3
info at dsp3.org
Thu Oct 23 10:41:55 CEST 2014
> Well, while limiting ciphers maybe is an additional security option to
> limit ssl/tls to strong encryption, this list seems not sufficient to
> limit OpenSSL to TLS and not using SSLv3.
You can see the test results of an Apache/Openssl server with the listed
ciphers here:
https://www.ssllabs.com/ssltest/analyze.html?d=testbit.eu
"This server is not vulnerable to the POODLE attack because it doesn't
support SSL 3"
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+AESGCM:EECDH:EDH+AESGCM:EDH+aRSA:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!LOW:!RC4:!MD5:!EXP:!PSK:!SRP:!DSS
If someone tests it with imapd, I'd be interested to see whether or not
ssl3 is actually excluded. However, the more elegant solution is
certainly to wait for a patched cyrus2.5.
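
One way to run the imapd check asked for above without an SSLv3-capable OpenSSL client, as an added example that is not part of the original message: send a hand-built SSLv3 ClientHello and classify the first record of the reply. Port 993 (implicit TLS, no STARTTLS) and all function names are assumptions; the offered suites are RSA and DHE-RSA AES-CBC suites that the posted list still admits through HIGH.

```python
import os
import socket
import struct
import sys

SSL3 = b"\x03\x00"
# Suite ids offered: AES128-SHA, AES256-SHA, DHE-RSA-AES128-SHA, DHE-RSA-AES256-SHA.
# They must overlap the server's cipher list, otherwise a refusal would only
# show a cipher mismatch and say nothing about the protocol version.
SUITES = [0x002F, 0x0035, 0x0033, 0x0039]

def build_client_hello(random_bytes=None):
    """Return one SSLv3 record containing a ClientHello (no extensions)."""
    rnd = random_bytes or os.urandom(32)
    suites = b"".join(struct.pack(">H", s) for s in SUITES)
    body = (SSL3 + rnd + b"\x00"                      # version, random, empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00")                            # one compression method: null
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake

def classify(reply):
    """Interpret the first record the server sent back."""
    if len(reply) < 5:
        return "no-reply"                  # connection closed without an answer
    if reply[0] == 0x15:
        return "rejected"                  # alert record: hello refused
    if reply[0] == 0x16 and len(reply) >= 11 and reply[5] == 0x02:
        # ServerHello: bytes 9..10 carry the version the server selected
        return "sslv3-accepted" if reply[9:11] == SSL3 else "other-version"
    return "unexpected"

def probe(host, port=993, timeout=5.0):
    """Connect, send the SSLv3 hello, and classify what comes back."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        try:
            while len(buf) < 11:
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
        except OSError:
            pass                           # timeout or reset: judge what arrived
    return classify(buf)

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe(sys.argv[1]))
```

Run it against your own imapd host; "rejected" or "no-reply" means the SSLv3 hello was refused, "sslv3-accepted" means SSL 3 is still enabled on that port.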