On 2014-10-15 18:03, lst_ho...@kwsoft.de wrote:
> Unfortunately it looks like Cyrus can not disable SSLv3 protocol without
> disabling ciphers also used in TLSv1.x, no?
You can't disable it manually until Kristian's patch is merged, but with
Ubuntu's default cipher list I'm unable to establish an
Hi,
Two patches for merging
Thanks for the great work on cyrus imapd.
I have just read various recommendations that we now should disable SSLv3
not just on HTTPS as POODLE-attack demonstrates but we should expect to
see exploits on other services as well like IMAPS and POPS.
I saw tha
Well the only thing new about POODLE versus previous known vulnerabilities
is the way to manipulate the known vulnerability to gain the session
cookie, which you can then re-use to log on to the site for yourself
without needing to authenticate.
There's no such thing as a session cookie in IMAP, s
Quoting Geoff Winkless:
Genuine question: is it shown that POODLE impacts on IMAPS?
I don't see how POODLE could affect an IMAPS session, since it only works
if you can MITM a non-SSL session on the user's browser and force it to
request the same target page over and over.
Cheers
Geoff
Genuine question: is it shown that POODLE impacts on IMAPS?
I don't see how POODLE could affect an IMAPS session, since it only works
if you can MITM a non-SSL session on the user's browser and force it to
request the same target page over and over.
Cheers
Geoff
Cyrus Home Page: http://www.
On 2014-10-15 16:11, lst_ho...@kwsoft.de wrote:
> Hello,
>
> as of today a new exploit against SSL has been revealed which is a
> protocol weakness of ancient SSLv3. The common advice is to disable
> SSLv3 so the question is how to do this with Cyrus without doing too
> much damage.
>
> The first
Hello,
as of today a new exploit against SSL has been revealed which is a
protocol weakness of ancient SSLv3. The common advice is to disable
SSLv3 so the question is how to do this with Cyrus without doing too
much damage.
The first idea is of course to do something like
tls_cipher_list