BEAST (Browser Exploit Against SSL/TLS) Vulnerability on Port 25 for Postfix

Posted by Abdul Haseeb on Server Fault See other posts from Server Fault or by Abdul Haseeb
Published on 2012-12-05T12:31:42Z Indexed on 2012/12/05 17:06 UTC
Read the original article Hit count: 301

Filed under:
|
|
|

I am failing a PCI Compliant scan. I have successfully used RC4 ciphers for Apache setup but my Postfix configuration is still not fixed. What TLS configuration should i use in my main.cf file.

my current configuration is as follows

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
tls_preempt_cipherlist = yes
smtpd_tls_protocols = !SSLv2
smtpd_tls_mandatory_protocols = !SSLv2, SSLv3
smtpd_tls_cipherlist = RC4-SHA:+TLSv1:!SSLv2:+SSLv3:!aNULL:!NULL
smtp_tls_cipherlist = RC4-SHA:+TLSv1:!SSLv2:+SSLv3:!aNULL:!NULL
smtpd_tls_security_level = encrypt

© Server Fault or respective owner

Related posts about ubuntu

Related posts about ssl