DP
Jun 21, 2018Nimbostratus
STARTTLS Proxy
Hi.
I'm trying to setup a TLSv1.0 -> TLSv1.2 proxy for STARTTLS SMTP traffic.
We need to disable TLSv1.0 and TLSv1.1, on STARTTLS sessions, for compliance reasons on our mail server.
Another requ...
try
when CLIENT_ACCEPTED {
SSL::disable
TCP::collect 3
}
when CLIENT_DATA {
if { [TCP::payload length] >= 3 } {
binary scan [TCP::payload 3] H* hex
log local0. "Payload in HEX: $hex"
switch $hex {
"160301" {
SSL::profile Legacy_Mail
SSL::enable
}
default {
SSL::enable
}
}
}
TCP::release
}