NGINX and pureFTPd configurations do not disable SSLv2 and SSLv3 in v

Discussion in 'Installation/Configuration' started by cbj4074, Nov 13, 2014.

  1. cbj4074

    cbj4074 Member


    I noticed that in ISPConfig, the configuration changes required to mitigate the POODLE attack (see: ) have been made for Dovecot and Postfix, but not for NGINX and pureFTPd.

    Is there a reason for which the configuration changes recommended in the above-cited article for NGINX and pureFTPd have not been integrated into the default ISPConfig templates in

    In particular, I expected /etc/nginx/nginx.conf to contain the following:

    http {
    	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    and /usr/sbin/pure-ftpd-wrapper to contain the following:

    'TLSCipherSuite' => ['-J %s', \&parse_string],
    as recommended in the tutorial.

    P.S. I can't speak to Courier or Dovecot < 2.1, as I have not checked those templates.
    Last edited: Nov 13, 2014
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The /usr/sbin/pure-ftpd-wrapper is not a config file and its not from ispconfig. This patch has to be included by the debian devs that maintain this package.

    sslv3 is disabled in nginx in ISPConfig, this is handled on the vhost level and therefor part of the vhost files and not in nginx.conf. The change in nginx.conf is only required for ispconfig versions <
  3. cbj4074

    cbj4074 Member

    Great; thank you for clarifying both points. Much appreciated, Till.

Share This Page