Disable SSLv3 an select ciphers in amavis
Markus Benning
ich at markusbenning.de
Tue Mar 17 15:48:22 CET 2015
Hello,
currently amavis does not configure this parameters.
In amavisd-new 2.10.1 the server side STARTTLS is done at amavisd
line number 21939 in process_smtp_request():
IO::Socket::SSL->start_SSL($sock,
SSL_server => 1, SSL_session_cache => 2,
SSL_error_trap => sub { my($sock,$msg)=@_;
do_log(-2,"Error on socket: %s",$msg) },
SSL_passwd_cb => sub { 'example' },
SSL_key_file => $smtpd_tls_key_file,
SSL_cert_file => $smtpd_tls_cert_file,
) or die "Error upgrading socket to SSL: ".
IO::Socket::SSL::errstr();
And client side in ssl_upgrade() at line number 8389:
IO::Socket::SSL->start_SSL($sock, SSL_session_cache => $ssl_cache,
SSL_error_trap =>
sub { my($sock,$msg)=@_; do_log(-2,"Error on socket: %s",$msg) },
%params,
) or die "Error upgrading socket to SSL: ".IO::Socket::SSL::errstr();
Both do not set SSL_version, SSL_cipher_list or SSL_honor_cipher_order.
regards,
Markus
On Tue, Mar 17, 2015 at 01:18:08PM +0000, Grooz, Marc (regio iT) wrote:
> Hi,
> is there a way to disable SSLv3 and control witch ciphers amavis use?
> Kind regards
> Marc
--
Markus Benning, https://markusbenning.de/
More information about the amavis-users
mailing list