[BlueOnyx:17828] Re: TLS Error - fact finding tour

Richard Sidlin richard at sidlin.co.uk
Wed Jun 17 18:21:21 -05 2015


> Hi Richard,
> 
> > OK. Here are the new results:
> 
> Ok. Please do this:
> 
> yum clean all
> yum update
> 
> Regardless of whether it fetches anything, run this afterwards:
> 
> /usr/sausalito/constructor/base/email/syncEmailService.pl
> 
> Once that's done you should be good. When both the latest base-email
> RPMs are installed and that script has run, your Sendmail will start to
> offer the two recently added ciphers that re-establish downwards-compatibility
> with older email servers.
> 
> You can then confirm this by running ...
> 
> nmap --script ssl-enum-ciphers -p 465 127.0.0.1
> 
> ... again and you will see the two ciphers in the output as well:
> 
>        TLS_RSA_WITH_RC4_128_MD5 - strong
>        TLS_RSA_WITH_RC4_128_SHA - strong
> 
> --
> With best regards
> 
> Michael Stauber

OK, got this:

[root@smtp ~]# /usr/sausalito/constructor/base/email/syncEmailService.pl
service dovecot supports chkconfig, but is not referenced in any runlevel (run 'chkconfig --add dovecot')

and this:

[root@smtp ~]# nmap --script ssl-enum-ciphers -p 465 127.0.0.1

Starting Nmap 5.51 ( http://nmap.org ) at 2015-06-18 00:16 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00018s latency).
PORT    STATE SERVICE
465/tcp open  smtps
| ssl-enum-ciphers:
|   TLSv1.0
|     Ciphers (10)
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.1
|     Ciphers (10)
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.2
|     Ciphers (18)
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA256
|       TLS_RSA_WITH_AES_128_GCM_SHA256
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA256
|       TLS_RSA_WITH_AES_256_GCM_SHA384
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|_      uncompressed

Nmap done: 1 IP address (1 host up) scanned in 30.56 seconds

All good apart from the dodgy chkconfig error?

Thanks.

Richard
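
The check done by eye above can be scripted. The following is an added example, not part of the original thread or of BlueOnyx: it parses ssl-enum-ciphers output in the Nmap 5.51 layout shown, verifies each "Ciphers (N)" count so a truncated paste is caught, and reports which protocol versions lack either of the two expected suites. The function names and the shortened sample are constructed for illustration.

```python
import re

# Constructed, shortened sample in the layout of the Nmap 5.51 output above.
SAMPLE = """\
| ssl-enum-ciphers:
|   TLSv1.0
|     Ciphers (3)
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.2
|     Ciphers (2)
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     Compressors (1)
|_      uncompressed
"""

# The two suites the thread expects after the update.
# (RFC 7465 prohibits RC4 in TLS; here they are enabled for legacy peers.)
EXPECTED = {"TLS_RSA_WITH_RC4_128_MD5", "TLS_RSA_WITH_RC4_128_SHA"}

PROTO = re.compile(r"^\|_?\s+((?:SSLv|TLSv)[\d.]+)\s*$")
SECTION = re.compile(r"^\|_?\s+(Ciphers|Compressors) \((\d+)\)\s*$")
SUITE = re.compile(r"^\|_?\s+((?:TLS|SSL)_[A-Z0-9_]+)(?:\s+-\s+\w+)?\s*$")

def parse_ciphers(text):
    """Return {protocol: [suite, ...]}; raise if a 'Ciphers (N)' count is off."""
    suites, declared, proto, in_ciphers = {}, {}, None, False
    for line in text.splitlines():
        if m := PROTO.match(line):
            proto, in_ciphers = m.group(1), False
            suites[proto] = []
        elif m := SECTION.match(line):
            in_ciphers = m.group(1) == "Ciphers"
            if in_ciphers and proto:
                declared[proto] = int(m.group(2))
        elif in_ciphers and proto and (m := SUITE.match(line)):
            suites[proto].append(m.group(1))
    for p, n in declared.items():
        if len(suites[p]) != n:  # truncated or mangled paste
            raise ValueError(f"{p}: header says {n}, parsed {len(suites[p])}")
    return suites

def missing_expected(suites):
    """Map each protocol to the expected suites it does not offer."""
    return {p: sorted(EXPECTED - set(s)) for p, s in suites.items() if EXPECTED - set(s)}

if __name__ == "__main__":
    print(missing_expected(parse_ciphers(SAMPLE)))
```

An empty result from `missing_expected` means every listed protocol version offers both suites, which is the outcome reported in the scan above.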





