From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Oct 30 04:50:43 2014 Return-Path: Delivered-To: freebsd-ports-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 27399C34 for ; Thu, 30 Oct 2014 04:50:43 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0EC8ADB7 for ; Thu, 30 Oct 2014 04:50:43 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id s9U4ogVp041283 for ; Thu, 30 Oct 2014 04:50:42 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 194699] New: no way to disable weak ciphers in mail/imap-uw Date: Thu, 30 Oct 2014 04:50:43 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports Tree X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: velcroleaf@rocketmail.com X-Bugzilla-Status: Needs Triage X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2014 04:50:43 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194699 Bug ID: 194699 Summary: no way to disable weak ciphers in mail/imap-uw Product: Ports Tree Version: Latest Hardware: Any OS: Any Status: Needs Triage Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: velcroleaf@rocketmail.com There is currently no way to configure the list of used ciphers in mail/imap-uw. As I understand it, the relevant line is located in c-client/ssl_unix.c and is hard-coded to be somewhat insecure: #define SSLCIPHERLIST "ALL:!LOW" If we could provide our own value for SSLCIPHERLIST at compile time, that would solve the issue. security/openssl allows you to disable SSLv2 and SSLv3 with options used at compile time, but not all ports currently function without SSLv2 and SSLv3 support enabled, so you can't solve this problem using that trick either. -- You are receiving this mail because: You are the assignee for the bug.