/[smeserver]/rpms/qpsmtpd/sme9/0024-increased-default-TLS-security-setting.patch
ViewVC logotype

Annotation of /rpms/qpsmtpd/sme9/0024-increased-default-TLS-security-setting.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Sat Feb 2 00:59:44 2013 UTC (11 years, 9 months ago) by slords
Branch: MAIN
CVS Tags: qpsmtpd-0_84-14_el6_sme, qpsmtpd-0_84-16_el6_sme, qpsmtpd-0_84-12_el6_sme, qpsmtpd-0_96-7_el6_sme, qpsmtpd-0_96-2_el6_sme, qpsmtpd-0_84-13_el6_sme, qpsmtpd-0_84-6_el6_sme, qpsmtpd-0_84-18_el6_sme, qpsmtpd-0_84-9_el6_sme, qpsmtpd-0_84-4_el6_sme, qpsmtpd-0_96-11_el6_sme, qpsmtpd-0_84-15_el6_sme, qpsmtpd-0_96-4_el6_sme, qpsmtpd-0_96-3_el6_sme, qpsmtpd-0_96-10_el6_sme, qpsmtpd-0_84-17_el6_sme, qpsmtpd-0_84-7_el6_sme, qpsmtpd-0_96-5_el6_sme, qpsmtpd-0_84-10_el6_sme, qpsmtpd-0_84-8_el6_sme, qpsmtpd-0_96-1_el6_sme, qpsmtpd-0_84-5_el6_sme, qpsmtpd-0_96-6_el6_sme, qpsmtpd-0_96-8_el6_sme, qpsmtpd-0_84-11_el6_sme, qpsmtpd-0_96-9_el6_sme, HEAD
* Fri Feb 1 2013 Shad L. Lords <slords@mail.com> 0.84-4.sme
- Update spec so building on rhel6 works [SME: 7263]

1 slords 1.1 From 3a7f46aa3e75988686ef9fcae5158fc29f6a86f6 Mon Sep 17 00:00:00 2001
2     From: Matt Simerson <matt@tnpi.net>
3     Date: Mon, 26 Jul 2010 01:26:53 -0400
4     Subject: increased default TLS security setting
5    
6     switched default TLS security in config/tls_ciphers from HIGH to HIGH:!SSLv2. Added note for how to set the minimum level of security necessary for PCI compliance.
7    
8     Signed-off-by: Robert <rspier@pobox.com>
9     ---
10     config.sample/tls_ciphers | 8 +++++++-
11     1 files changed, 7 insertions(+), 1 deletions(-)
12    
13     diff --git a/config.sample/tls_ciphers b/config.sample/tls_ciphers
14     index e889731..7bb0204 100644
15     --- a/config.sample/tls_ciphers
16     +++ b/config.sample/tls_ciphers
17     @@ -1,4 +1,10 @@
18     # Override default security using suitable string from available ciphers at
19     # L<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS>
20     # See plugins/tls for details.
21     -HIGH
22     +#
23     +# HIGH is a reasonable default that should satisfy most installations
24     +HIGH:!SSLv2
25     +#
26     +# if you have legacy clients that require less secure connections,
27     +# consider using this less secure, but PCI compliant setting:
28     +#DEFAULT:!ADH:!LOW:!EXP:!SSLv2:+HIGH:+MEDIUM
29     --
30     1.7.2.2
31    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed