/[smeserver]/rpms/smeserver-qpsmtpd/sme10/smeserver-qpsmtpd-2.6.0-bz10460-better-Cipher-and-Protocol.patch
ViewVC logotype

Annotation of /rpms/smeserver-qpsmtpd/sme10/smeserver-qpsmtpd-2.6.0-bz10460-better-Cipher-and-Protocol.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (hide annotations) (download)
Sun May 3 01:55:55 2020 UTC (4 years, 6 months ago) by jpp
Branch: MAIN
CVS Tags: smeserver-qpsmtpd-2_6_0-33_el7_sme 
* Sat May 02 2020 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-33.sme
- minimum Protocol TLSv1.1 [SME: 10460]
  better ciphers order.
1 jpp 1.1 diff -Nur smeserver-qpsmtpd-2.6.0.old/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_ciphers/10ciphers smeserver-qpsmtpd-2.6.0/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_ciphers/10ciphers
2     --- smeserver-qpsmtpd-2.6.0.old/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_ciphers/10ciphers 2016-02-05 18:28:23.000000000 -0500
3     +++ smeserver-qpsmtpd-2.6.0/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_ciphers/10ciphers 2020-05-02 21:48:35.133000000 -0400
4     @@ -1,5 +1,5 @@
5     {
6     # When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
7     - return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
8     + return $qpsmtpd{tlsCipher} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
9     }
10    
11     diff -Nur smeserver-qpsmtpd-2.6.0.old/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_protocols/10protocols smeserver-qpsmtpd-2.6.0/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_protocols/10protocols
12     --- smeserver-qpsmtpd-2.6.0.old/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_protocols/10protocols 2016-02-05 18:28:25.000000000 -0500
13     +++ smeserver-qpsmtpd-2.6.0/root/etc/e-smith/templates/var/service/qpsmtpd/config/tls_protocols/10protocols 2020-05-02 21:47:49.922000000 -0400
14     @@ -2,5 +2,7 @@
15     $OUT .= 'SSLv23';
16     $OUT .= ':!SSLv2' unless ($qpsmtpd{SSLv2} || 'disabled') eq 'enabled';
17     $OUT .= ':!SSLv3' unless ($qpsmtpd{SSLv3} || 'disabled') eq 'enabled';
18     -$OUT .= ':!TLSv1' unless ($qpsmtpd{TLSv1} || 'enabled') eq 'enabled';
19     +$OUT .= ':!TLSv1' unless ($qpsmtpd{TLSv1} || 'disabled') eq 'enabled';
20     +$OUT .= ':!TLSv1.1' unless ($qpsmtpd{TLSv1.1} || 'enabled') eq 'enabled';
21     +$OUT .= ':!TLSv1.2' unless ($qpsmtpd{TLSv1.2} || 'enabled') eq 'enabled';
22     }
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed