/[smeserver]/rpms/qpsmtpd/sme10/0024-increased-default-TLS-security-setting.patch
ViewVC logotype

Contents of /rpms/qpsmtpd/sme10/0024-increased-default-TLS-security-setting.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (show annotations) (download)
Sun Feb 7 20:49:54 2016 UTC (8 years, 8 months ago) by stephdl
Branch: MAIN
CVS Tags: qpsmtpd-0_96-19_el7_sme, qpsmtpd-0_96-12_el7_sme, qpsmtpd-0_96-11_el7_sme, qpsmtpd-0_96-16_el7_sme, qpsmtpd-0_96-13_el7_sme, qpsmtpd-0_96-6_el7_sme, qpsmtpd-0_96-18_el7_sme, qpsmtpd-0_96-23_el7_sme, qpsmtpd-0_96-20_el7_sme, qpsmtpd-0_84-20_el7_sme, qpsmtpd-0_96-17_el7_sme, qpsmtpd-0_96-8_el7_sme, qpsmtpd-0_96-5_el7_sme, qpsmtpd-0_96-2_el7_sme, qpsmtpd-0_96-21_el7_sme, qpsmtpd-0_96-22_el7_sme, qpsmtpd-0_96-14_el7_sme, qpsmtpd-0_96-15_el7_sme, qpsmtpd-0_96-9_el7_sme, qpsmtpd-0_96-4_el7_sme, qpsmtpd-0_96-1_el7_sme, qpsmtpd-0_96-3_el7_sme, qpsmtpd-0_84-18_el7_sme, qpsmtpd-0_96-10_el7_sme, qpsmtpd-0_84-19_el7_sme, HEAD 
* Sun Feb 7 2016 stephane de labrusse <stephdl@de-labrusse.fr> 0.84-18.sme
- Build new rpm for sme10
1 From 3a7f46aa3e75988686ef9fcae5158fc29f6a86f6 Mon Sep 17 00:00:00 2001
2 From: Matt Simerson <matt@tnpi.net>
3 Date: Mon, 26 Jul 2010 01:26:53 -0400
4 Subject: increased default TLS security setting
5
6 switched default TLS security in config/tls_ciphers from HIGH to HIGH:!SSLv2. Added note for how to set the minimum level of security necessary for PCI compliance.
7
8 Signed-off-by: Robert <rspier@pobox.com>
9 ---
10 config.sample/tls_ciphers | 8 +++++++-
11 1 files changed, 7 insertions(+), 1 deletions(-)
12
13 diff --git a/config.sample/tls_ciphers b/config.sample/tls_ciphers
14 index e889731..7bb0204 100644
15 --- a/config.sample/tls_ciphers
16 +++ b/config.sample/tls_ciphers
17 @@ -1,4 +1,10 @@
18 # Override default security using suitable string from available ciphers at
19 # L<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS>
20 # See plugins/tls for details.
21 -HIGH
22 +#
23 +# HIGH is a reasonable default that should satisfy most installations
24 +HIGH:!SSLv2
25 +#
26 +# if you have legacy clients that require less secure connections,
27 +# consider using this less secure, but PCI compliant setting:
28 +#DEFAULT:!ADH:!LOW:!EXP:!SSLv2:+HIGH:+MEDIUM
29 --
30 1.7.2.2
31
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed