Using TLS Interposer with OpenSSL 0.9.8g (Debian Lenny)

Veröffentlicht am von

Debian logoOlder installations, such as trusty Debian Lenny, come with versions of OpenSSL 0.9.8. The default cipher suite used by TLS Interposer is very restrictive, on purpose. For OpenSSL 0.9.8g, the only remaining cipher is RC4-SHA.

Especially when configuring XMPP servers such as ejabberd to use TLS Interposer, RC4-SHA alone can be not enough (e.g., when connecting to servers such as jabber.ru, which has RC4 disabled entirely.

“TLS
  1. TLS Interposer
  2. Upgrading Apache 2.2 OpenSSL security with TLS Interposer
  3. Securing fetchmail with improved TLS parameters
  4. Using TLS Interposer with OpenSSL 0.9.8g (Debian Lenny)
  5. Disable client certificate requests for Cyrus IMAP
← Previous Next →

Therefore, please add

export TLS_INTERPOSER_CIPHERS="DHE-RSA-AES256-SHA AES256-SHA RC4-SHA"
export TLS_INTERPOSER_OPTIONS=debug,logfile

to your configuration list. This will also be the default starting in TLS Interposer 1.3.0 (and is already in the current master git repository).

Schreibe einen Kommentar

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.