Securing TLS
A StackExchange question on using HAProxy’s capture feature to pass data from TCP mode to HTTP mode prompted me to update my SSL configuration. This was intended to get an A+ rating from SSL Labs by sending non-SNI capable clients to a server with weaker ciphers. This was to enable clients on WinXP/IE8, Java 6,…
Disabling SSLv3 to block Poodle
The new Poodle vulnerability led me to disable SSLv3 on my Ubuntu server. I have TLS/SSL enabled on three services: apache2, exim4, and dovecot2. Each service required a different method to disable SSLv3. While SSLv3 is mostly history, the techniques I used can be applied to other TLS versions. Ubuntu uses configuration files split into…
Email Logins for Dovecot and Exim
Configuring a common login for Dovecot IMAP(s) and Exim SMTP. Also Exim Submission port and TLS (SSL) configuration.