NethServer Documentation, Release 7 Final
• Cipher suite
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!
˓→
aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-
˓→
SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
• Disabled SSLv2 and SSLv3
Postfix
• See
https://bettercrypto.org/static/applied-crypto-hardening.pdf
category B
• Use TLS in outbound connections, if remote server supports it
• Disable SSLv2 and SSLv3 on submission ports
• Cipher suite
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:kEDH:CAMELLIA128-
˓→
SHA:AES128-SHA
• Exclude ciphers
aNULL:eNULL:LOW:3DES:MD5:EXP:PSK:DSS:RC4:SEED:IDEA:ECDSA
Do'stlaringiz bilan baham: