BEAST (Browser Exploit Against SSL/TLS) Vulnerability on Port 25 for Postfix
Posted
by
Abdul Haseeb
on Server Fault
See other posts from Server Fault
or by Abdul Haseeb
Published on 2012-12-05T12:31:42Z
Indexed on
2012/12/05
17:06 UTC
Read the original article
Hit count: 301
I am failing a PCI Compliant scan. I have successfully used RC4 ciphers for Apache setup but my Postfix configuration is still not fixed. What TLS configuration should i use in my main.cf file.
my current configuration is as follows
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
tls_preempt_cipherlist = yes
smtpd_tls_protocols = !SSLv2
smtpd_tls_mandatory_protocols = !SSLv2, SSLv3
smtpd_tls_cipherlist = RC4-SHA:+TLSv1:!SSLv2:+SSLv3:!aNULL:!NULL
smtp_tls_cipherlist = RC4-SHA:+TLSv1:!SSLv2:+SSLv3:!aNULL:!NULL
smtpd_tls_security_level = encrypt
© Server Fault or respective owner