I thought I'd fixed the problems that related to PCI compliance, but it would appear that I was wrong.
The most recent PCI check flagged SSL2 errors on the imaps and pops ports. Thanks to a helpful site, the solution wasn't that far away though:
The most recent PCI check flagged SSL2 errors on the imaps and pops ports. Thanks to a helpful site, the solution wasn't that far away though:
sudo -s
joe/etc/courier-imap/imapd-sslTLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH"
sudo -s
joe/etc/courier-imap/pop3d-sslTLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH"
/etc/init.d/courier restartYou can test the connection with the following:
openssl s_client -connect localhost:995 -ssl2openssl s_client -connect localhost:995 -cipher EXP:LOW
No comments:
Post a Comment