From: Tom Hughes Date: Fri, 5 Oct 2018 14:22:24 +0000 (+0100) Subject: Disable RC4, MD5 and SHA1 for SMTP encryption X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/524a7ce279b8975ebe0dfb61f8f9f637e5f04b0f Disable RC4, MD5 and SHA1 for SMTP encryption --- diff --git a/cookbooks/exim/templates/default/exim4.conf.erb b/cookbooks/exim/templates/default/exim4.conf.erb index caac72c52..0c99c2ce7 100644 --- a/cookbooks/exim/templates/default/exim4.conf.erb +++ b/cookbooks/exim/templates/default/exim4.conf.erb @@ -148,7 +148,7 @@ tls_advertise_hosts = <; !127.0.0.1 ; !::1 # Configured TLS cipher selection. -tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-VERS-SSL3.0 +tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-ARCFOUR-128:-MD5:-SHA1:-VERS-SSL3.0 # Specify the location of the Exim server's TLS certificate and private key. # The private key must not be encrypted (password protected). You can put @@ -662,7 +662,7 @@ begin transports remote_smtp: driver = smtp multi_domain = false - tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-VERS-SSL3.0 + tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-ARCFOUR-128:-MD5:-SHA1:-VERS-SSL3.0 # This transport is used for handling pipe deliveries generated by alias or