[Tickets] [Orxonox] #487: Increase mailserver SSL rating
Orxonox
trac at orxonox.net
Sat Mar 25 17:38:05 CET 2017
#487: Increase mailserver SSL rating
-------------------------+-------------------------------
Reporter: landauf | Owner: landauf
Type: task | Status: closed
Priority: minor | Milestone: IT: Server Setup
Component: IT | Version:
Resolution: fixed | Keywords:
Referenced By: | References:
-------------------------+-------------------------------
Changes (by landauf):
* status: new => closed
* resolution: => fixed
Comment:
In {{{/etc/dovecot/conf.d/10-ssl.conf}}}
define the following settings:
{{{
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = xxx [copy ciphers from apache config]
ssl_prefer_server_ciphers = yes
}}}
In {{{/etc/postfix/main.cf}}}
define the following settings:
{{{
# Deny some TLS-Protocols
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
# Deny some TLS-Ciphers
smtpd_tls_exclude_ciphers =
EXP
EDH-RSA-DES-CBC-SHA
ADH-DES-CBC-SHA
DES-CBC-SHA
SEED-SHA
RC4 [<-- add this]
}}}
--
Ticket URL: <https://www.orxonox.net/ticket/487#comment:1>
Orxonox <https://www.orxonox.net>
The Orxonox Project
More information about the Tickets
mailing list