[Pkg-Cyrus-imapd-Debian-devel] [SVN] r222 - in trunk/cyrus-imapd-2.2.12/debian: changelog imapd.conf

debian at incase.de debian at incase.de
Tue Dec 6 12:05:48 UTC 2005


Author: hmh
Date: Tue Dec  6 13:05:25 2005
New Revision: 222

URL: https://mail.incase.de/viewcvs?root=cyrus22?view=rev&rev=222
Log:
Modify TLS cipher list to something much safer, and with a lot less clutter
Modified:
    trunk/cyrus-imapd-2.2.12/debian/changelog
    trunk/cyrus-imapd-2.2.12/debian/imapd.conf

Modified: trunk/cyrus-imapd-2.2.12/debian/changelog
URL: https://mail.incase.de/viewcvs?root=cyrus22/trunk/cyrus-imapd-2.2.12/debian/changelog?view=diff&rev=222&p1=trunk/cyrus-imapd-2.2.12/debian/changelog&r1=221&p2=trunk/cyrus-imapd-2.2.12/debian/changelog&r2=222
==============================================================================
--- trunk/cyrus-imapd-2.2.12/debian/changelog (original)
+++ trunk/cyrus-imapd-2.2.12/debian/changelog Tue Dec  6 13:05:25 2005
@@ -1,8 +1,13 @@
 cyrus22-imapd (2.2.12-2) experimental; urgency=low
 
-  * <temporary entry after tagging of 2.2.12-1> 
+  [ Sven Mueller ]
+  * <temporary entry after tagging of 2.2.12-1>
 
- -- Sven Mueller <debian at incase.de>  Tue, 29 Nov 2005 18:08:11 +0100
+  [ Henrique de Moraes Holschuh ]
+  * Modify the Debian default TLS cipher list to use only secure ciphers
+    suitable for imap/pop/smtp/lmtp TLS, and add an explanation
+
+ -- Henrique de Moraes Holschuh <hmh at debian.org>  Tue,  6 Dec 2005 10:01:16 -0200
 
 cyrus22-imapd (2.2.12-1) experimental; urgency=low
 
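Review bot: The new entry's "suitable for imap/pop/smtp/lmtp TLS" names smtp but not sieve, while the imapd.conf touched by the same commit lists the TLS-enabled services as "imap, pop3, lmtp, sieve"; the changelog should name the services this setting actually governs. The entry would also help upgrading admins more if it said what is dropped (the SSLv2 entry and everything outside HIGH that the old default permitted), since "only secure ciphers" does not warn that older clients may stop negotiating. The "<temporary entry after tagging of 2.2.12-1>" placeholder is kept under Sven Mueller's heading and should be removed now that the stanza has a real entry.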

Modified: trunk/cyrus-imapd-2.2.12/debian/imapd.conf
URL: https://mail.incase.de/viewcvs?root=cyrus22/trunk/cyrus-imapd-2.2.12/debian/imapd.conf?view=diff&rev=222&p1=trunk/cyrus-imapd-2.2.12/debian/imapd.conf&r1=221&p2=trunk/cyrus-imapd-2.2.12/debian/imapd.conf&r2=222
==============================================================================
--- trunk/cyrus-imapd-2.2.12/debian/imapd.conf (original)
+++ trunk/cyrus-imapd-2.2.12/debian/imapd.conf Tue Dec  6 13:05:25 2005
@@ -252,9 +252,12 @@
 # disable session caching.
 tls_session_timeout: 1440
 
-# The list of SSL/TLS ciphers to allow.  The format of the string is described
-# in ciphers(1). THIS DISABLES THE WEAK 'FOR EXPORT' CRAP!
-tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
+# The list of SSL/TLS ciphers to allow, in decreasing order of precedence.  
+# The format of the string is described in ciphers(1).  The Debian default
+# selects TLSv1 high-security ciphers only, and removes all anonymous ciphers
+# from the list (because they provide no defense against man-in-the-middle
+# attacks).  It also orders the list so that stronger ciphers come first.
+tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
 
 # Require a client certificate for ALL services (imap, pop3, lmtp, sieve).
 #tls_require_cert: false
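Review bot: The new comment at "selects TLSv1 high-security ciphers only" does not say what the previous default allowed that is now refused, and it can be misread as a protocol-version restriction. The old string excluded only NULL, EXPORT, DES and LOW, so it still admitted SSLv2 suites, medium-strength suites and anonymous suites; with "TLSv1+HIGH:!aNULL" clients that relied on any of those will fail the handshake after upgrade. Suggest one more comment sentence stating that, plus a note that in ciphers(1) syntax "TLSv1" selects cipher suites rather than the protocol version, and a pointer to `openssl ciphers -v 'TLSv1+HIGH:!aNULL:@STRENGTH'` so an admin can see the resulting list before restarting. The trailing whitespace on the first added comment line ("decreasing order of precedence.  ") should also go.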


