[Pkg-Cyrus-imapd-Debian-devel] [SVN] r222 - in trunk/cyrus-imapd-2.2.12/debian: changelog imapd.conf
debian at incase.de
Tue Dec 6 12:05:48 UTC 2005
Author: hmh
Date: Tue Dec 6 13:05:25 2005
New Revision: 222
URL: https://mail.incase.de/viewcvs?root=cyrus22?view=rev&rev=222
Log:
Modify TLS cipher list to something much safer, and with a lot less clutter
Modified:
trunk/cyrus-imapd-2.2.12/debian/changelog
trunk/cyrus-imapd-2.2.12/debian/imapd.conf
Modified: trunk/cyrus-imapd-2.2.12/debian/changelog
URL: https://mail.incase.de/viewcvs?root=cyrus22/trunk/cyrus-imapd-2.2.12/debian/changelog?view=diff&rev=222&p1=trunk/cyrus-imapd-2.2.12/debian/changelog&r1=221&p2=trunk/cyrus-imapd-2.2.12/debian/changelog&r2=222
==============================================================================
--- trunk/cyrus-imapd-2.2.12/debian/changelog (original)
+++ trunk/cyrus-imapd-2.2.12/debian/changelog Tue Dec 6 13:05:25 2005
@@ -1,8 +1,13 @@
cyrus22-imapd (2.2.12-2) experimental; urgency=low
- * <temporary entry after tagging of 2.2.12-1>
+ [ Sven Mueller ]
+ * <temporary entry after tagging of 2.2.12-1>
- -- Sven Mueller <debian at incase.de> Tue, 29 Nov 2005 18:08:11 +0100
+ [ Henrique de Moraes Holschuh ]
+ * Modify the Debian default TLS cipher list to use only secure ciphers
+ suitable for imap/pop/smtp/lmtp TLS, and add an explanation
+
+ -- Henrique de Moraes Holschuh <hmh at debian.org> Tue, 6 Dec 2005 10:01:16 -0200
cyrus22-imapd (2.2.12-1) experimental; urgency=low
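Review bot: the added changelog entry under [ Henrique de Moraes Holschuh ] does not name the option or file it touches, and it does not record that the previous default also listed the SSLv3 and SSLv2 keywords, which are gone from the new one. An admin reading the changelog on upgrade cannot tell from "use only secure ciphers" that the default became narrower. Suggest naming tls_cipher_list in debian/imapd.conf explicitly and stating the old and new values, so a client that stops negotiating after the upgrade can be traced to this entry.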
Modified: trunk/cyrus-imapd-2.2.12/debian/imapd.conf
URL: https://mail.incase.de/viewcvs?root=cyrus22/trunk/cyrus-imapd-2.2.12/debian/imapd.conf?view=diff&rev=222&p1=trunk/cyrus-imapd-2.2.12/debian/imapd.conf&r1=221&p2=trunk/cyrus-imapd-2.2.12/debian/imapd.conf&r2=222
==============================================================================
--- trunk/cyrus-imapd-2.2.12/debian/imapd.conf (original)
+++ trunk/cyrus-imapd-2.2.12/debian/imapd.conf Tue Dec 6 13:05:25 2005
@@ -252,9 +252,12 @@
# disable session caching.
tls_session_timeout: 1440
-# The list of SSL/TLS ciphers to allow. The format of the string is described
-# in ciphers(1). THIS DISABLES THE WEAK 'FOR EXPORT' CRAP!
-tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
+# The list of SSL/TLS ciphers to allow, in decreasing order of precedence.
+# The format of the string is described in ciphers(1). The Debian default
+# selects TLSv1 high-security ciphers only, and removes all anonymous ciphers
+# from the list (because they provide no defense against man-in-the-middle
+# attacks). It also orders the list so that stronger ciphers come first.
+tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
# Require a client certificate for ALL services (imap, pop3, lmtp, sieve).
#tls_require_cert: false
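Review bot: the new comment above tls_cipher_list explains the !aNULL exclusion but says nothing about the explicit !NULL:!EXPORT:!DES:!LOW exclusions that were dropped, nor about what the "+" in TLSv1+HIGH means. In ciphers(1) syntax "+" is a logical AND, so the list is the intersection of the TLSv1 and HIGH sets, and the old exclusions are now only implied by HIGH. Suggest either stating that in the comment or keeping the explicit exclusions as a guard, since an admin who later widens the list (for example by adding MEDIUM for an old client) would otherwise have no reminder of what the previous default was keeping out.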