Disable SSLv3 and select ciphers in amavis

Patrick Ben Koetter p at sys4.de
Tue Mar 17 16:17:52 CET 2015


* Grooz, Marc (regio iT) <Marc.Grooz at regioit.de>:
> OK but is there a way to set this parameter in openssl or somewhere else?

Try patching it using "SSL_version" as documented in
http://search.cpan.org/~sullr/IO-Socket-SSL-2.012/lib/IO/Socket/SSL.pod.

p at rick



> 
> Kind regards marc
> 
> -----Original Message-----
> From: ich at markusbenning.de [mailto:ich at markusbenning.de]
> Sent: Tuesday, 17 March 2015 15:48
> To: Grooz, Marc (regio iT)
> Cc: amavis-users at amavis.org
> Subject: Re: Disable SSLv3 and select ciphers in amavis
> 
> Hello,
> 
> currently amavis does not configure these parameters.
> 
> In amavisd-new 2.10.1 the server side STARTTLS is done at amavisd line number 21939 in process_smtp_request():
> 
>     IO::Socket::SSL->start_SSL($sock,
>       SSL_server => 1, SSL_session_cache => 2,
>       SSL_error_trap => sub { my($sock,$msg)=@_;
> 			      do_log(-2,"Error on socket: %s",$msg) },
>       SSL_passwd_cb => sub { 'example' },
>       SSL_key_file  => $smtpd_tls_key_file,
>       SSL_cert_file => $smtpd_tls_cert_file,
>     ) or die "Error upgrading socket to SSL: ".
> 	     IO::Socket::SSL::errstr();
> 
> And client side in ssl_upgrade() at line number 8389:
> 
>   IO::Socket::SSL->start_SSL($sock, SSL_session_cache => $ssl_cache,
>     SSL_error_trap =>
>       sub { my($sock,$msg)=@_; do_log(-2,"Error on socket: %s",$msg) },
>     %params,
>   ) or die "Error upgrading socket to SSL: ".IO::Socket::SSL::errstr();
> 
> Both do not set SSL_version, SSL_cipher_list or SSL_honor_cipher_order.
> 
> regards,
> Markus
> 
> 
> On Tue, Mar 17, 2015 at 01:18:08PM +0000, Grooz, Marc (regio iT) wrote:
> > Hi,
> > is there a way to disable SSLv3 and control which ciphers amavis uses?
> > Kind regards
> > Marc
> 
> --
> Markus Benning, https://markusbenning.de/

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
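
A loopback check of the three options named in the thread, as an added example that is not part of the original messages or of amavisd-new: both sides call start_SSL with SSL_version and SSL_cipher_list set, the server adds SSL_honor_cipher_order, and the negotiated protocol and cipher are printed. The policy strings, the throwaway self-signed certificate and the 127.0.0.1 listener are assumptions made for the test.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;
use IO::Socket::SSL::Utils;   # CERT_create / CERT_free for a throwaway cert

# Assumed policy strings (constructed for this example, adapt locally).
# 'SSLv23' negotiates the best common version; '!' entries remove protocols.
my %policy = (
    SSL_version     => 'SSLv23:!SSLv2:!SSLv3',
    SSL_cipher_list => 'HIGH:!aNULL:!eNULL:!EXPORT:!RC4:!MD5:!3DES',
);

# Throwaway self-signed certificate so the test needs no files on disk.
my ($cert, $key) = CERT_create(subject => { commonName => 'localhost' });

my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 1,
) or die "listen failed: $!";
my $port = $listener->sockport;

defined(my $pid = fork()) or die "fork failed: $!";
if ($pid == 0) {
    # Client role, shaped like the ssl_upgrade() call plus the policy.
    my $c = IO::Socket::INET->new(PeerAddr => '127.0.0.1', PeerPort => $port)
        or exit 1;
    IO::Socket::SSL->start_SSL($c, %policy,
        SSL_verify_mode => SSL_VERIFY_NONE,   # self-signed test cert only
    ) or exit 1;
    close $c;
    exit 0;
}

# Server role, shaped like the process_smtp_request() call plus the policy.
my $sock = $listener->accept or die "accept failed: $!";
IO::Socket::SSL->start_SSL($sock,
    SSL_server => 1, SSL_cert => $cert, SSL_key => $key,
    %policy,
    SSL_honor_cipher_order => 1,   # server picks from its own preference order
) or die "Error upgrading socket to SSL: " . IO::Socket::SSL::errstr();

printf "negotiated %s with %s\n", $sock->get_sslversion, $sock->get_cipher;
close $sock;
waitpid($pid, 0);
CERT_free($cert, $key);
```

If the handshake fails, the script dies with the IO::Socket::SSL error string, the same way the quoted amavisd calls do.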
 

