Posted 2 new test builds. Chose not to post here like normal since they are indeed highly experimental & don't really want people accidentally using them in production:
http://www.hmailserver.com/forum/viewto ... 24#p160724
Here is a copy of the post:
I have a TEST BUILD if anyone wants to try it. Understand this is not tested beyond making sure the values set show up as expected in the logs as shown.
*** I would not recommend using this test build in production ***
hmailserver.ini
Code: Select all
[Settings]
SSLOptionList=default_workarounds,no_sslv2,no_tlsv1
;DO NOT USE this example SSLOptionList. It is just an example
;Default if not defined is default_workarounds,no_sslv2
SSLCipherList=ECDH:DH
;DO NOT USE this example SSLCipherList. It is just an example
;Default if not defined is OpenSSL default Ciphers
IMPORTANT!
* Note that SSLOptionList defaults to default_workarounds,no_sslv2 if not set (that is what hmailserver uses now) and that it is a COMMA DELIMITED LIST. I would not put spaces between I do not know what that would do.
* SSLCipherList defaults to NOTHING as is the case with hmailserver now and it is a COLON DELIMITED LIST as shown & from the available options shown on openssl site:
https://www.openssl.org/docs/apps/ciphers.html# Using ! in front of a cipher disables it. Do not put spaces between each.
* For now ensure all OPTIONS set to lower case and CIPHERS set to UPPER CASE, unless confirmed to work otherwise. (Tempted to force case in the code but for now just match case of example INI above)
* These lists are used for both listening (incoming) and outgoing. If there becomes a need I can make 2 more INI settings but for now this allows testing.
* IMPORTANT: This build has a LOT of extra debug logging but NOT shown by default. [Settings]LogLevel=10 for some extra to 100 for extremely verbose (10 needed to show below log lines)
Code: Select all
"DEBUG" 3448 "2014-04-21 17:08:32.079" "TCPServer::InitSSL() - SSLOptionList Option: default_workarounds,no_sslv2,no_tlsv1"
"DEBUG" 3448 "2014-04-21 17:08:32.079" "TCPServer::InitSSL() - SSL Cipher Option: ECDH:DH"
"DEBUG" 3448 "2014-04-21 17:08:32.079" "TCPServer::InitSSL() - Found SSL Option: default_workarounds"
"DEBUG" 3448 "2014-04-21 17:08:32.079" "TCPServer::InitSSL() - SSL Option SET: default_workarounds"
"DEBUG" 3448 "2014-04-21 17:08:32.079" "TCPServer::InitSSL() - Found SSL Option: no_sslv2"
"DEBUG" 3448 "2014-04-21 17:08:32.079" "TCPServer::InitSSL() - SSL Option SET: no_sslv2"
"DEBUG" 3448 "2014-04-21 17:08:32.079" "TCPServer::InitSSL() - Found SSL Option: no_tlsv1"
"DEBUG" 3448 "2014-04-21 17:08:32.079" "TCPServer::InitSSL() - SSL Option SET: no_tlsv1"
*** I would not recommend using this test build in production ***
Other changes in this build since 4/8 build:
* Fixed bug where built-in backup would abort if Data > 15GB despite BackupMessagesDBOnly=1 option. (Thx CU2U)
* Using martin's openssl 1.0.1g from official source vs my assembly built one. (Might as well stick with his now that it is available)
In addition I am posting up a 2nd test build which also changes:
* Used /LARGEADDRESSAWARE option during build which should allow hmailserver to use more memory if needed (such as heavy IMAP load)
* WARNING!!! - UNTESTED!!! - Could cause unknown problems due to memory space addressing.
* WARNING!!! - Should ONLY be tested on 64bit Windows Vista or later with AT LEAST 4GB MEMORY!! (It makes no sense to try this on 32bit or <2GB anyway but you should have at least 3GB before it could make a difference but really 4GB.)
* YOU'VE BEEN WARNED!
OK here are the downloads: (Install just like any other experimental build)
SSLOptions SSL Cipher TEST build: (See warnings above)
http://www.mediafire.com/download/dzel2 ... ns-TEST.7z
MD5: 531605ee555e7b2d175a2ebe31071e0b SHA1: c1209e9e666fe4ff3cfa4fd43b316015e3a02eb3
LargeMemory SSLPtions SSL Cipher TEST build: (See warnings above)
http://www.mediafire.com/download/nu0f7 ... ns-TEST.7z
MD5: e1fd3a6787e62297af607893d2d5fd4a SHA1: 8f50730f7783ee1dcec8631c0b28de757529e6ba