Joshua Tauberer
|
23be1031b8
|
Remove security.md's information about port 25 which is out of date
|
2020-01-22 03:25:30 -05:00 |
E.M. Makat
|
b86bf07d57
|
Fix spelling of 'guarantee' (#1703)
|
2020-01-22 02:58:40 -05:00 |
Joshua Tauberer
|
f53b18ebb9
|
Upgrade TLS settings
|
2019-12-01 17:49:36 -05:00 |
Joshua Tauberer
|
bc4bdca752
|
update reference to Ubuntu 14.04 to 18.04 in README.md and security.md and drop mentions of our custom packages that we no longer maintain
|
2018-10-03 13:00:15 -04:00 |
Joshua Tauberer
|
e924459140
|
revert f25801e/#1233 - use Mozilla intermediate ciphers for IMAP/POP not modern ciphers
fixes #1300
|
2017-12-24 14:41:41 -05:00 |
Jan Schulz-Hofen
|
48e0f39179
|
Rename ownCloud to Nextcloud in safe places
e.g. code comments and user-facing prompts/outputs which can be safely changed without risking to break anything
|
2017-04-02 11:19:21 +02:00 |
Joshua Tauberer
|
81b5af6b64
|
document fail2ban filters in security.md
|
2016-08-08 07:55:46 -04:00 |
Joshua Tauberer
|
6b73bb5d80
|
outbound SMTP connections should use the same TLS settings as inbound: drop SSLv2, SSLv3, anonymous ciphers, RC4
|
2016-06-12 09:11:54 -04:00 |
Joshua Tauberer
|
3055f9a79c
|
drop SSLv3, RC4 ciphers from SMTP port 25
Per http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html, Google is about to do the same.
fixes #611
|
2016-06-12 09:11:50 -04:00 |
Joshua Tauberer
|
4b4f670adf
|
s/SSL/TLS/ in user-visible text throughout the project
|
2016-01-04 18:43:16 -05:00 |
Joshua Tauberer
|
5b415c6895
|
tweak security.md for new alias permitted_senders controls
|
2015-08-17 08:18:32 -04:00 |
Joshua Tauberer
|
d08a3095a9
|
tweak security.md
|
2015-07-09 13:30:25 -04:00 |
Joshua Tauberer
|
6441de63ba
|
typo in security.md
|
2015-06-26 11:38:40 -04:00 |
Joshua Tauberer
|
a2c50ae967
|
note the new SMTP mail from restriction in the changelog and security guide
|
2015-06-24 18:12:41 -04:00 |
Joshua Tauberer
|
9e0dcd8718
|
security.md: add a section on DNSSEC specifically
|
2015-06-15 10:24:16 -04:00 |
Joshua Tauberer
|
e9e6d94e3b
|
the control panel auth hmac message should also include the user's password so that resetting a password in the database forces that user to log in to the control panel again; also use a sha256 hmac
|
2015-06-06 12:38:19 +00:00 |
Sam
|
6499eba0cb
|
Echange -> Exchange
|
2015-05-29 07:36:53 -07:00 |
Eric Mill
|
3f329bc1a8
|
fix typos
|
2015-05-29 01:38:42 -04:00 |
Joshua Tauberer
|
7158f9a8d9
|
security.md: add links to appropriate source files in various places to make it easier to inspect the code to verify the statements; unfortunately line numbers will drift but it would be nice if we could link right to line numbers
|
2015-05-28 21:39:50 -04:00 |
Joshua Tauberer
|
bb75bd7167
|
more security details
|
2015-05-28 21:39:50 -04:00 |
Joshua Tauberer
|
8ba5f2ffa7
|
add security.md and clean up README
|
2015-05-22 16:53:13 -04:00 |