[zorp-hu] Megoldva - pop3s, imaps, smtps

Szilárd Pfeiffer pfeiffer.szilard at balabit.hu
2012. Aug. 30., Cs, 20:25:59 CEST 

A PSSL_ helyett SSL_ prefix az ami támogatott a 3.9-es verzióban. Ezt
még érdemes lehet tudni. Egyébiránt hasznos példákat lehet találni az
alábbi címen, egyebek mellett SSL melletti használatra is.

https://github.com/balabit/zorp-examples

Üdv,
Pfeiffer Szilárd

On k, 2012-08-28 at 19:30 +0100, Tamas Barina wrote:
> Sziasztok:
> 
> A megoldas az archivum kedveert (Ha v.ki persze ebben a konfigban lat v.mi
> nemszep dolgot, batran szoljon):
> PSSL_METHOD_ALL
> 
> Es a policy.py idevago resze:
> class SmtpsMail(Smtp):
>      def config(self):
>         Smtp.config(self)
>         self.ssl.client_key_file = "/etc/ssl/sites/mail.valami.hu.key"
>         self.ssl.client_cert_file = "/etc/ssl/sites/mail. valami.hu _ca.crt"
>         self.ssl.client_ssl_method = PSSL_METHOD_ALL
>         self.ssl.server_ssl_method = PSSL_METHOD_ALL
>         self.ssl.client_connection_security = PSSL_FORCE_SSL
>         self.ssl.server_connection_security = PSSL_FORCE_SSL
>         self.ssl.client_disable_proto_sslv2 = TRUE
>         self.ssl.server_disable_proto_sslv2 = TRUE
>         self.ssl.client_ssl_cipher = PSSL_CIPHERS_HIGH
>         self.ssl.server_ssl_cipher = PSSL_CIPHERS_HIGH
>         self.ssl.client_verify_type = SSL_VERIFY_NONE
>         self.ssl.server_verify_type = SSL_VERIFY_REQUIRED_UNTRUSTED
>         self.ssl.client_verify_depth = 3
>         self.ssl.server_verify_depth = 3
> 
> class ImapsMail(Imap):
>      def config(self):
>         Imap.config(self)
>         self.ssl.client_key_file = "/etc/ssl/sites/mail. valami.hu.key"
>         self.ssl.client_cert_file = "/etc/ssl/sites/mail. valami.hu _ca.crt"
>         self.ssl.client_ssl_method = PSSL_METHOD_ALL
>         self.ssl.server_ssl_method = PSSL_METHOD_ALL
>         self.ssl.client_connection_security = PSSL_FORCE_SSL
>         self.ssl.server_connection_security = PSSL_FORCE_SSL
>         self.ssl.client_disable_proto_sslv2 = TRUE
>         self.ssl.server_disable_proto_sslv2 = TRUE
>         self.ssl.client_ssl_cipher = PSSL_CIPHERS_HIGH
>         self.ssl.server_ssl_cipher = PSSL_CIPHERS_HIGH
>         self.ssl.client_verify_type = SSL_VERIFY_NONE
>         self.ssl.server_verify_type = SSL_VERIFY_REQUIRED_UNTRUSTED
>         self.ssl.client_verify_depth = 3
>         self.ssl.server_verify_depth = 3
> 
> class Pop3sMail(Pop3):
>      def config(self):
>         Pop3.config(self)
>         self.ssl.client_key_file = "/etc/ssl/sites/mail. valami.hu.key"
>         self.ssl.client_cert_file = "/etc/ssl/sites/mail. valami.hu _ca.crt"
>         self.ssl.client_ssl_method = PSSL_METHOD_ALL
>         self.ssl.server_ssl_method = PSSL_METHOD_ALL
>         self.ssl.client_connection_security = PSSL_FORCE_SSL
>         self.ssl.server_connection_security = PSSL_FORCE_SSL
>         self.ssl.client_disable_proto_sslv2 = TRUE
>         self.ssl.server_disable_proto_sslv2 = TRUE
>         self.ssl.client_ssl_cipher = PSSL_CIPHERS_HIGH
>         self.ssl.server_ssl_cipher = PSSL_CIPHERS_HIGH
>         self.ssl.client_verify_type = SSL_VERIFY_NONE
>         self.ssl.server_verify_type = SSL_VERIFY_REQUIRED_UNTRUSTED
>         self.ssl.client_verify_depth = 3
>         self.ssl.server_verify_depth = 3
> 
> Koszonom mindenkinek a hasznos otleteket.
> 
> Tamas Barina
> 
> 
> 
> _______________________________________________
> zorp-hu mailing list
> zorp-hu at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/zorp-hu
>

További információk a(z) zorp-hu levelezőlistáról