Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: guest22 on December 30, 2013, 06:01:13 PM

Title: Security SME
Post by: guest22 on December 30, 2013, 06:01:13 PM

Does SME Server  need to take this into account?

https://securityblog.redhat.com/2013/12/11/tlsv1-1-and-tlsv1-2-now-available-in-rhel/

Title: Re: Security SME
Post by: CharlieBrady on January 12, 2014, 04:29:47 PM

RequestedDeletion, please make all software change proposals via the bug tracker. For questions concerning software you are developing yourself, use the devinfo mailing list.

Thanks

Title: Re: Security SME
Post by: raem on January 13, 2014, 01:03:30 AM

Bug added
http://bugs.contribs.org/show_bug.cgi?id=8130

Title: Re: Security SME
Post by: wellsi on January 13, 2014, 02:00:56 AM

Thank you for raising the bug, it's now on the list to be carefully checked.

Title: Re: Security SME
Post by: guest22 on January 13, 2014, 11:15:28 PM

Quote from: raem on January 13, 2014, 01:03:30 AM

Bug added
http://bugs.contribs.org/show_bug.cgi?id=8130

Thanks Ray, you beat me to it, for the better ;-)

Title: Re: Security SME
Post by: raem on January 18, 2014, 07:45:02 AM

RequestedDeletion & all

This is a good example of why bugs should be raised, so to all, please do not hesitate.

The issue has been considered in
http://bugs.contribs.org/show_bug.cgi?id=8130
& is being referred on to another bug for sme9

ie
The RedHat article raises two SSL issues
Apache's SSLProtocol needs no changes for SME 8 or SME 9.
CipherSuite has been updated for SME 8 via Bug 7916.
I will clone that bug for SME 9 and copy the fix there (it still needs verification)

Then there is a third issue that we are tracking
Bug 7999 for SME 8 relating to email, for SME 9 we have already implemented a different solution.