Topic: Security SME

[guest22]

Does SME Server  need to take this into account?

https://securityblog.redhat.com/2013/12/11/tlsv1-1-and-tlsv1-2-now-available-in-rhel/

[CharlieBrady]

RequestedDeletion, please make all software change proposals via the bug tracker. For questions concerning software you are developing yourself, use the devinfo mailing list.

Thanks

[raem]

Bug added
http://bugs.contribs.org/show_bug.cgi?id=8130

[wellsi]

Thank you for raising the bug, it's now on the list to be carefully checked.

[guest22]

Bug added
http://bugs.contribs.org/show_bug.cgi?id=8130

Thanks Ray, you beat me to it, for the better

[raem]

RequestedDeletion & all

This is a good example of why bugs should be raised, so to all, please do not hesitate.

The issue has been considered in
http://bugs.contribs.org/show_bug.cgi?id=8130
& is being referred on to another bug for sme9

ie
The RedHat article raises two SSL issues
Apache's SSLProtocol needs no changes for SME 8 or SME 9.
CipherSuite has been updated for SME 8 via Bug 7916.
I will clone that bug for SME 9 and copy the fix there (it still needs verification)

Then there is a third issue that we are tracking
Bug 7999 for SME 8 relating to email, for SME 9 we have already implemented a different solution.