[CentOS] Disable SSLv3 in sendmail in CentOS 5

Andrew Daviel advax at triumf.ca
Sat Apr 18 02:35:30 UTC 2015


On Thu, 16 Apr 2015, Paul Heinlein wrote:

> On Thu, 16 Apr 2015, Andrew Daviel wrote:
>
>> RedHat released sendmail-8.13.8-10.el5_11.src.rpm which includes 
>> sendmail-8.13.8-ssl-opts.patch which adds support for disabling SSLv3 and 
>> SSLv2 in sendmail.cf
>> 
>> But as far as I can see there is no support in sendmail.mc - I can't see 
>> how to compile sendmail.mc to get the required line ServerSSLOptions in 
>> sendmail.cf
>> 
>> 
>> Does anyone know how to do this?
>
> At the end of sendmail.mc, after the MAILER macros, add a LOCAL_CONFIG, e.g.,
>
> LOCAL_CONFIG
> O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3
> O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE

Thanks. That was too obvious; I should have read more documentation. The 
generic advisory said to add those lines to the LOCAL_CONFIG section of my 
sendmail.mc, but I didn't have a LOCAL_CONFIG section, so I assumed it 
was referring to a newer version of sendmail.

Meanwhile, I made a patch for sendmail-cf and sendmail-doc back-ported 
from sendmail-8.15.1, if anyone's interested.

Andrew
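
One way to confirm that a rebuilt sendmail.cf actually carries the options from this thread, given as an added example that is not part of the original messages. The function names and sample files are constructed for illustration; the script relies on the sendmail.cf rule that a line beginning with a space or tab continues the previous line, so a flag wrapped onto an unindented line would not count.

```shell
#!/bin/sh
# Added example, not from the thread: audit sendmail.cf for the TLS options above.

# Print the value of option $2 in cf file $1. Lines that start with a space
# or tab are continuation lines and are joined to the option they follow.
# If the option appears more than once, this script reports the last one.
cf_option() {
    awk -v opt="$2" '
        /^[ \t]/ { if (grab) val = val " " $0; next }
        { grab = 0 }
        $0 ~ ("^O[ \t]+" opt "=") { val = $0; sub(/^[^=]*=/, "", val); grab = 1 }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }
    ' "$1"
}

# Return 0 if option $2 in file $1 carries every flag in $3..., else 1.
has_flags() {
    hf_file=$1; hf_opt=$2; shift 2
    hf_val=$(cf_option "$hf_file" "$hf_opt"); hf_missing=0
    for hf_flag in "$@"; do
        case " $hf_val " in
            *" +$hf_flag "*) ;;
            *) echo "$hf_opt: missing +$hf_flag" >&2; hf_missing=1 ;;
        esac
    done
    return $hf_missing
}

# Both the client and the server option must refuse SSLv2 and SSLv3.
check_cf() {
    cc_rc=0
    has_flags "$1" ClientSSLOptions SSL_OP_NO_SSLv2 SSL_OP_NO_SSLv3 || cc_rc=1
    has_flags "$1" ServerSSLOptions SSL_OP_NO_SSLv2 SSL_OP_NO_SSLv3 || cc_rc=1
    return $cc_rc
}

# Constructed sample files (not real configurations).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# constructed sample' \
    'O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3' \
    'O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3' \
    ' +SSL_OP_CIPHER_SERVER_PREFERENCE' > "$tmp/good.cf"
printf '%s\n' '# constructed sample' \
    'O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3' \
    'O ServerSSLOptions=+SSL_OP_NO_SSLv2' > "$tmp/bad.cf"

check_cf "$tmp/good.cf" && echo "good.cf: SSLv2 and SSLv3 disabled in both options"
check_cf "$tmp/bad.cf" 2>/dev/null || echo "bad.cf: ServerSSLOptions does not disable SSLv3"
```

To audit a real system, call `check_cf` with the path of the generated sendmail.cf after rebuilding it from sendmail.mc.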


