Hi, Currently, for mailservers we allow SSL for opportunistic TLS encryption between mailservers. For all other cases, SSL is disabled. I think we should at least disallow SSLv2 for mta traffic, as SSLv2 and SSLv3 are nearly equally available.
Sebastian On 03/01/2016 08:14 PM, Torge Riedel wrote: > Hi list, > > is it worth to add/merge recommendations from > > https://drownattack.com/ > > to the ACH configuration? > > Related article (in German): > http://www.heise.de/newsticker/meldung/DROWN-Angriff-SSL-Protokoll-aus-der-Steinzeit-wird-Servern-zum-Verhaengnis-3121121.html?wt_mc=rss.ho.beitrag.atom > > I apologize if ACH configuration is already up-to-date, I didn't > checked. Too busy. > > Regards > Torge > _______________________________________________ > Ach mailing list > [email protected] > http://lists.cert.at/cgi-bin/mailman/listinfo/ach > > -- > python programming - mail server - photo - video - https://sebix.at > cryptographic key at https://sebix.at/DC9B463B.asc and on public keyservers
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
