Disable RC4, MD5 and SHA1 for SMTP encryption

author Tom Hughes <tom@compton.nu>

Fri, 5 Oct 2018 14:22:24 +0000 (15:22 +0100)

committer Tom Hughes <tom@compton.nu>

Fri, 5 Oct 2018 14:22:24 +0000 (15:22 +0100)
author Tom Hughes <tom@compton.nu>
Fri, 5 Oct 2018 14:22:24 +0000 (15:22 +0100)
committer Tom Hughes <tom@compton.nu>
Fri, 5 Oct 2018 14:22:24 +0000 (15:22 +0100)
diff --git a/cookbooks/exim/templates/default/exim4.conf.erb b/cookbooks/exim/templates/default/exim4.conf.erb

index caac72c527bbe7c7cd4433f544f89fe72a424407..0c99c2ce7787c3a95e555b91b28a8e5da578deae 100644 (file)
--- a/cookbooks/exim/templates/default/exim4.conf.erb
+++ b/cookbooks/exim/templates/default/exim4.conf.erb
@@ -148,7 +148,7 @@ tls_advertise_hosts = <; !127.0.0.1 ; !::1
  
  # Configured TLS cipher selection.
  
-tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-VERS-SSL3.0
+tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-ARCFOUR-128:-MD5:-SHA1:-VERS-SSL3.0
  
  # Specify the location of the Exim server's TLS certificate and private key.
  # The private key must not be encrypted (password protected). You can put
@@ -662,7 +662,7 @@ begin transports
  remote_smtp:
    driver = smtp
    multi_domain = false
-  tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-VERS-SSL3.0
+  tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-ARCFOUR-128:-MD5:-SHA1:-VERS-SSL3.0
  
  
  # This transport is used for handling pipe deliveries generated by alias or
author	Tom Hughes <tom@compton.nu>
	Fri, 5 Oct 2018 14:22:24 +0000 (15:22 +0100)
committer	Tom Hughes <tom@compton.nu>
	Fri, 5 Oct 2018 14:22:24 +0000 (15:22 +0100)