Disable RC4, MD5 and SHA1 for SMTP encryption
authorTom Hughes <tom@compton.nu>
Fri, 5 Oct 2018 14:22:24 +0000 (15:22 +0100)
committerTom Hughes <tom@compton.nu>
Fri, 5 Oct 2018 14:22:24 +0000 (15:22 +0100)
cookbooks/exim/templates/default/exim4.conf.erb

index caac72c527bbe7c7cd4433f544f89fe72a424407..0c99c2ce7787c3a95e555b91b28a8e5da578deae 100644 (file)
@@ -148,7 +148,7 @@ tls_advertise_hosts = <; !127.0.0.1 ; !::1
 
 # Configured TLS cipher selection.
 
-tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-VERS-SSL3.0
+tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-ARCFOUR-128:-MD5:-SHA1:-VERS-SSL3.0
 
 # Specify the location of the Exim server's TLS certificate and private key.
 # The private key must not be encrypted (password protected). You can put
@@ -662,7 +662,7 @@ begin transports
 remote_smtp:
   driver = smtp
   multi_domain = false
-  tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-VERS-SSL3.0
+  tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-ARCFOUR-128:-MD5:-SHA1:-VERS-SSL3.0
 
 
 # This transport is used for handling pipe deliveries generated by alias or