Git/email-toolbox-wiki
1
0
Fork 0
mirror of https://github.com/internetstandards/toolbox-wiki.git synced 2025-11-03 23:35:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated cipher exclude list

Browse Source 
Due to a bug in internet.nl, some 'insufficient' and 'phase out' algorithms were enabled but not detected (https://github.com/NLnetLabs/Internet.nl/issues/477). This lead to a false positive test result of the cipher sub test. This new cipher exclude list fixes this.
This commit is contained in:
Dennis Baaten
2020-09-23 21:58:43 +02:00
committed by GitHub
parent 970251b749
commit 435601cf34
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
under construction/STARTTLS-how-to.md
View File

@@ -58,8 +58,8 @@ Under construction
# disable compression and client-initiated renegotiation # disable compression and client-initiated renegotiation
tls_ssl_options = NO_COMPRESSION, 0x40000000 tls_ssl_options = NO_COMPRESSION, 0x40000000
# disable unsecure ciphers # disable unsecure ciphers
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA, DHE-RSA-AES256-CCM8, AES256-CCM8, DHE-RSA-AES128-CCM8, AES128-CCM8 smtpd_tls_exclude_ciphers = EXP, LOW, MEDIUM, aNULL, eNULL, SRP, PSK, kDH, ADH, AECDH, kRSA, DSS, RC4, DES, IDEA, SEED, ARIA, AESCCM8, 3DES, MD5
smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA, DHE-RSA-AES256-CCM8, AES256-CCM8, DHE-RSA-AES128-CCM8, AES128-CCM8 smtp_tls_exclude_ciphers = EXP, LOW, MEDIUM, aNULL, eNULL, SRP, PSK, kDH, ADH, AECDH, kRSA, DSS, RC4, DES, IDEA, SEED, ARIA, AESCCM8, 3DES, MD5
# Enable server cipher-suite preferences # Enable server cipher-suite preferences
tls_preempt_cipherlist = yes tls_preempt_cipherlist = yes
# Forward secrecy # Forward secrecy