somewhat Off topic, Sendmail Issue

Chuck Swiger cswiger at mac.com
Wed Oct 12 17:36:50 UTC 2011


Hi--

On Oct 12, 2011, at 8:29 AM, Dean E. Weimer wrote:
> I know that setting this option in Apache does the trick for HTTPS, I just need to figure out how to tell Sendmail to do the same.
> SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:RC4+RSA:+HIGH:+MEDIUM:!SSLv2
> 
> If anyone has any idea how to do this, or any idea on what keywords to search on that might find me the directions, it would be a great help.

If you can't find a way of specifying the allowed SSL ciphers via sendmail config (as someone mentioned, you can test ${cipher_bits} against ENCR:bits, but that doesn't disable anonymous ciphers like ADH entirely), you can build a modern flavor of OpenSSL to /usr/local with the ciphers you don't like disabled, and rebuild sendmail against this OpenSSL.

I believe that the security/openssl already does most of this for you, and would be easy to tweak a bit more if that's needed.

Regards,
-- 
-Chuck
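
The point in the reply above, that a ${cipher_bits} threshold does not rule out anonymous suites such as ADH, shown as an added example that is not part of the original message. The log lines are constructed samples in sendmail's STARTTLS log format; the 128-bit threshold and the function names are assumptions for illustration.

```python
import re

# Constructed sample lines, in the format sendmail logs for STARTTLS sessions.
SAMPLE_LOG = """\
Oct 12 10:01:02 mx sm-mta[1201]: STARTTLS=server, relay=a.example.net [192.0.2.10], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct 12 10:01:09 mx sm-mta[1207]: STARTTLS=server, relay=b.example.net [192.0.2.11], version=TLSv1/SSLv3, verify=NO, cipher=ADH-AES256-SHA, bits=256/256
Oct 12 10:02:30 mx sm-mta[1215]: STARTTLS=server, relay=c.example.net [192.0.2.12], version=TLSv1/SSLv3, verify=NO, cipher=EXP-RC4-MD5, bits=40/128
Oct 12 10:03:44 mx sm-mta[1222]: STARTTLS=server, relay=d.example.net [192.0.2.13], version=TLSv1/SSLv3, verify=NO, cipher=RC4-SHA, bits=128/128
"""

LINE_RE = re.compile(
    r"STARTTLS=(?P<role>\w+), relay=(?P<relay>\S+).*?"
    r"cipher=(?P<cipher>[\w-]+), bits=(?P<bits>\d+)/\d+"
)

MIN_BITS = 128  # assumed policy: what an ENCR:128 requirement would enforce


def is_anonymous(cipher):
    """OpenSSL names anonymous DH suites ADH-* and anonymous ECDH suites AECDH-*."""
    return cipher.startswith(("ADH-", "AECDH-"))


def audit(log_text, min_bits=MIN_BITS):
    """Return one record per STARTTLS line with both checks evaluated separately."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a STARTTLS line
        bits = int(m.group("bits"))
        cipher = m.group("cipher")
        records.append({
            "relay": m.group("relay"),
            "cipher": cipher,
            "bits": bits,
            "passes_bits": bits >= min_bits,
            "anonymous": is_anonymous(cipher),
        })
    return records


def missed_by_bits_check(records):
    """Sessions a bits-only rule accepts although the key exchange is unauthenticated."""
    return [r for r in records if r["passes_bits"] and r["anonymous"]]


if __name__ == "__main__":
    print([r["cipher"] for r in missed_by_bits_check(audit(SAMPLE_LOG))])
```

Running the same audit over a real maillog shows whether any peers actually negotiate anonymous suites before the cipher list is tightened.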



More information about the freebsd-questions mailing list