[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 15/10/14 07:48, Martijn Grooten wrote:
On Wed, Oct 15, 2014 at 07:09:40AM +0100, Tom wrote:On 15/10/14 02:24, Simon Waters wrote:Okay, Google they say we should lose SSLv3 ASAP. So far everything everywhere has gone to TLSv1 or better except... I have dovecot on Squeeze, and as soon as I disable SSLv3 it says it can't get a cipher list together. I have stunnel working with TLSv1, so I can use than for POP3S and IMAP4S, but should dovecot in Squeeze work with TLSv1. I can't decipher the complexities of the build, but my suspicion is "no". Which is a blow for Squeeze support (okay I should have upgraded by now).Probably not relevant but just to scare you there are reports of SSLv3 having a huge hole which is to be fixed soon!Unless I'm missing a joke or something (it's early...), this is what Simon is referring to, isn't it? Details here: https://www.openssl.org/~bodo/ssl-poodle.pdf And yes, it does look nasty. I do think attacking IMAP/POP3 is pretty difficult though, thus making the issue a lot less urgent than on web browsers and servers. Martijn.
SOrry read that on my phone -lost the top lines TOm te tom te tom -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq