• 8
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Disable Cipher SSL3_RSA_WITH_SEED_SHA in Postfix

I want to disable cipher SSL3_RSA_WITH_SEED_SHA in Postfix.

I have got in main.cf

smtpd_tls_ciphers = high
smtpd_tls_protocols = TLSv1,!SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4

What should I add to smtpd_tls_exclude_ciphers to exclude SSL3_RSA_WITH_SEED_SHA?

      • 1
    • Isn't that already disabled as you have disabled the whole SSLv3 protocol? (SSL3_RSA_WITH_SEED_SHA sounds SSLv3 specific?)
    • I was thinking the same but I have done scan with OpenVAS and I am still getting weak ciphers are: SSL3_RSA_WITH_SEED_SHA on port 465/tcp

You can use BetterCrypto document for a secure configuration. After that, OpenVAS should not trigger any problem.

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
tls_preempt_cipherlist = yes
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

Page 26, Section 2.3.4.Postfix: https://bettercrypto.org/static/applied-crypto-hardening.pdf

Please read Limitations, too.

I hope to be useful.

  • 5
Reply Report

Trending Tags