Q: calendarserver only supports SSLv3
Hello,
I wonder why my iCal Server only Supports SSLv3. I didn't found any configuration for this. I'd rather like to use TLS1.0 and block any SSLv3.
(Looked in /Library/Server/Calendar\ and\ Contacts/Config/caldavd-system.plist)
% nmap --script ssl-enum-ciphers -p 8443 cal.xxx.de
Starting Nmap 5.51 ( http://nmap.org ) at 2014-10-16 16:28 CEST
Host is up (0.0011s latency).
PORT STATE SERVICE
8443/tcp open https-alt
| ssl-enum-ciphers:
| SSLv3
| Ciphers (6)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA
| TLS_RSA_WITH_AES_128_CBC_SHA
| TLS_RSA_WITH_AES_256_CBC_SHA
| TLS_RSA_WITH_RC4_128_MD5
| TLS_RSA_WITH_RC4_128_SHA
| TLS_RSA_WITH_SEED_CBC_SHA
| Compressors (1)
|_ uncompressed
BTW:
# openssl version
OpenSSL 0.9.8y 5 Feb 2013
Shouldn't Apple take any action on this? I feel uncomfortable using OSX Server while not being able to serve something > TLS1.0 without updateing openssl myself.
Thanks in advance!
Mac mini, OS X Mavericks (10.9.5)
Posted on Oct 16, 2014 8:22 AM