mirror of
https://github.com/internetstandards/toolbox-wiki.git
synced 2024-11-23 11:31:36 +01:00
updated cipher exclude list
Due to a bug in internet.nl, some 'insufficient' and 'phase out' algorithms were enabled but not detected (https://github.com/NLnetLabs/Internet.nl/issues/477). This lead to a false positive test result of the cipher sub test. This new cipher exclude list fixes this.
This commit is contained in:
parent
970251b749
commit
435601cf34
@ -58,8 +58,8 @@ Under construction
|
||||
# disable compression and client-initiated renegotiation
|
||||
tls_ssl_options = NO_COMPRESSION, 0x40000000
|
||||
# disable unsecure ciphers
|
||||
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA, DHE-RSA-AES256-CCM8, AES256-CCM8, DHE-RSA-AES128-CCM8, AES128-CCM8
|
||||
smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA, DHE-RSA-AES256-CCM8, AES256-CCM8, DHE-RSA-AES128-CCM8, AES128-CCM8
|
||||
smtpd_tls_exclude_ciphers = EXP, LOW, MEDIUM, aNULL, eNULL, SRP, PSK, kDH, ADH, AECDH, kRSA, DSS, RC4, DES, IDEA, SEED, ARIA, AESCCM8, 3DES, MD5
|
||||
smtp_tls_exclude_ciphers = EXP, LOW, MEDIUM, aNULL, eNULL, SRP, PSK, kDH, ADH, AECDH, kRSA, DSS, RC4, DES, IDEA, SEED, ARIA, AESCCM8, 3DES, MD5
|
||||
# Enable server cipher-suite preferences
|
||||
tls_preempt_cipherlist = yes
|
||||
# Forward secrecy
|
||||
|
Loading…
Reference in New Issue
Block a user