[PERDITION-USERS] Secure Client-Initiated Renegotiation
Hochreiter Martin
2017-10-03 09:08:49 UTC
Running a testssl check, we have one threat left on the TLS port 143:

Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat

Is there any chance to close that in perdition.imap4s.conf?

_____________________
DI (FH) Martin Hochreiter

Fachverantwortlicher Systemadministration

IT und Infrastruktur


Fachhochschule St. Pölten GmbH
Matthias Corvinus-Straße 15, 3100 St. Pölten
T: +43 (0) 2742 313 228 – 215

M: +43 (0) 676 847 228 215

E: ***@fhstp.ac.at
I: www.fhstp.ac.at
FN 146616m, LG St. Pölten, DVR 1028669F
Marcus Schopen
2017-10-05 22:27:29 UTC
Hi Martin,
Post by Hochreiter Martin
> Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat
> Is there any chance to close that in perdition.imap4s.conf?

I'm using 2.2 too and if I check my server on 993

openssl s_client -connect server:993 -CApath /etc/ssl/certs/
the result is fine:

--------
* OK [CAPABILITY IMAP4 IMAP4REV1] ...
R
RENEGOTIATING
[...]
verify return:1
read:errno=0
--------

Also testssl.sh comes to the same result:

Secure Client-Initiated Renegotiation not vulnerable (OK)

Ciao!
