Issue #188 Logjam Vulnerability

E-F-A · May 24, 2015 · 594e125 · 594e125
1 parent ddc7d88
commit 594e125
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 0 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -25,6 +25,7 @@ Issue #175 Enhancement  - Set keyboard layout at beginning of EFA-Init
 Issue #177 Enhancement  - Correct EFA to new clamav paths using EPEL
 Issue #178 Enhancement  - EFA MailWatch Unicode Support
 Issue #186 Bug          - Unbound full recursion support
+Issue #188 Bug          - Logjam Vulnerability
 
 EFA-Update enhanced fault tolerance
 EPEL Repository is now enabled

diff --git a/build/build.bash b/build/build.bash
@@ -210,6 +210,11 @@ func_postfix () {
     # Issue #167 Change perms on /etc/postfix/sasl_passwd to 600 
     chmod 0600 /etc/postfix/sasl_passwd
 
+    # Logjam Vulnerability #188
+    openssl dhparam -out /etc/postfix/ssl/dhparam.pem 2048
+    postconf -e "smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dhparam.pem"
+    postconf -e "smtpd_tls_ciphers = low"
+
     echo "pwcheck_method: auxprop">/usr/lib64/sasl2/smtpd.conf
     echo "auxprop_plugin: sasldb">>/usr/lib64/sasl2/smtpd.conf
     echo "mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5">>/usr/lib64/sasl2/smtpd.conf

diff --git a/update/versions/EFA-Version-Upgrade-3.0.0.8-beta b/update/versions/EFA-Version-Upgrade-3.0.0.8-beta
@@ -255,6 +255,12 @@ function run_update() {
   rm -f /usr/local/share/perl5/Mail/SpamAssassin/Util/RegistrarBoundaries.pm
   cp $STAGING/Files/RegistrarBoundaries.pm /usr/local/share/perl5/Mail/SpamAssassin/Util/RegistrarBoundaries.pm
 
+  # Logjam Vulnerability #188
+  openssl dhparam -out /etc/postfix/ssl/dhparam.pem 2048
+  postconf -e "smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dhparam.pem"
+  postconf -e "smtpd_tls_ciphers = low"
+  service postfix reload
+
   service clamd start
   # Force update clam dbs
   /usr/bin/freshclam