SSL poodle attack in i-MSCP 1.1.16

    Dear community,


    You know all about the new security issue: SSL - Security Hole - POODLE attack
    In the version 1.1.15/16 we added some options to Dovecot which are not compatible with all Dovecot versions.
    Now, we will review this parameter and add them in the next version.


    You can fix the correct parameter by your own.


    For dovecot you have to edit the

    Code
    1. /etc/dovecot/dovecot.conf


    For version 2.0.x you have to patch the source. There is no option available.


    For version 2.1.x need this line:

    Code
    1. ssl_protocols = !SSLv2 !SSLv3


    If you are using i-MSCP 1.1.16 you must remove the line

    Code
    1. ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL


    Postfix can be fixed too. You need to add this line

    Code
    1. smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3

    To resume:


    https://www.linode.com/docs/se…isabling-sslv3-for-poodle

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    Also:


    For those which are using dovecot 1.2.x (eg, on Debian Squeeze), they should comment the iterate_query parameter from the /etc/dovecot/dovecot-sql.conf configuration file because this parameter is not available in that version.


    All these problems will be fixed in i-MSCP version 1.1.17.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support