On Tue, May 08, 2012 at 10:35:41AM +0530, Agnello George wrote:

> I have heard of the vulnerability that exists in SSL 3.0 and TLS 1.0 that
> could allow information disclosure if an attacker intercepts encrypted
> traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher
> suites that do not use CBC mode are not affected.
The CBC chosen-plaintext attacks on HTTP don't apply to SMTP, or at least not to Postfix, which sends exactly one message per connection without re-use.

Adding support for TLSv1.2 won't help; almost nobody you'll send email to will support TLSv1.2, and in fact we've had recent interoperability issues that mean you're better off with TLSv1 for now. A TLSv1.2-capable system will typically still negotiate CBC ciphers.

If you want to avoid CBC, you could put RC4-128 at a higher preference than all other ciphers. This is tricky to get right with OpenSSL 0.9.8, and it is unlikely to be worth the effort and high probability of getting wrong, or forgetting to turn it off when it is no longer needed...

Chosen-plaintext attacks on CBC are not a realistic issue with SMTP. Far more likely, someone will attack the DNS, and the fact that most destinations have no SSL support or have self-signed certs.

-- 
Viktor.
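As an added illustration (not code from this thread or from Postfix), here is a Python check that expands an OpenSSL cipher-list string, of the kind Postfix takes in tls_medium_cipherlist / tls_high_cipherlist, into the order the local OpenSSL would actually offer, and counts how many of those suites are CBC-mode or RC4; the two cipher-list strings are constructed examples, not recommended settings, and the classification is by suite name only.

```python
import ssl

# Constructed cipher-list strings (not recommended configuration):
# a typical "everything but anonymous/null" list, and the same list with
# RC4 forced ahead of it, as the thread discusses.
DEFAULT_LIST = "ALL:!aNULL:!eNULL"
RC4_FIRST = "RC4-SHA:RC4-MD5:" + DEFAULT_LIST


def cipher_mode(name: str) -> str:
    """Classify an OpenSSL cipher-suite name by symmetric mode, by name only.
    OpenSSL names spell out AEAD modes (GCM, CCM, CHACHA20-POLY1305); any
    other block-cipher suite is CBC-mode."""
    upper = name.upper()
    if "RC4" in upper:
        return "RC4"
    if any(tag in upper for tag in ("GCM", "CCM", "CHACHA20", "POLY1305")):
        return "AEAD"
    if any(tag in upper for tag in ("AES", "DES", "CAMELLIA", "SEED", "IDEA", "ARIA")):
        return "CBC"
    return "other"


def expand_cipherlist(spec: str) -> list:
    """Have the local OpenSSL expand a cipher-list string into the suites it
    would offer, in preference order. Returns [] when nothing in the list is
    available (e.g. RC4 on an OpenSSL build that no longer ships it)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        return []
    return [c["name"] for c in ctx.get_ciphers()]


def audit(spec: str) -> dict:
    """Summarise how many offered suites are CBC or RC4 and which comes first."""
    names = expand_cipherlist(spec)
    modes = [cipher_mode(n) for n in names]
    return {
        "total": len(names),
        "cbc": modes.count("CBC"),
        "rc4": modes.count("RC4"),
        "first": names[0] if names else None,
    }


if __name__ == "__main__":
    for spec in (DEFAULT_LIST, RC4_FIRST):
        print(spec, "->", audit(spec))
```

On a current OpenSSL the RC4 names in RC4_FIRST simply never match, so the list silently degrades to the rest; on an old build they would sit at the top of the offer, which is what the thread means by having to remember to turn it off again.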