SSL security updated

Rob Mueller – 17 November 2009

Due to a recently discovered SSL man-in-the-middle flaw, I've upgraded our web, IMAP and POP proxy servers to disable SSL renegotiation.

At the same time, I've disabled SSLv2 protocol (it's been deprecated 1996) and disabled all "LOW" and "EXPORT" ciphers.

In theory, there should be no user visible changes, but some very, very old email clients or browsers may experience problems. Unfortunately in those cases, people are either going to have to use non-SSL access, or upgrade their email client/browser to a newer version.