On Tue, May 08, 2012 at 10:35:41AM +0530, Agnello George wrote:

> I have heard of the vulnerability that exists in SSL 3.0 and TLS 1.0 that
> could allow information disclosure if an attacker intercepts encrypted
> traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher
> suites that do not use CBC mode are not affected.

The CBC chosen-plaintext attacks on HTTP don't apply to SMTP or at
least not to Postfix, which sends exactly one message per connection
without re-use.

Adding support for TLSv1.2 won't help, almost nobody you'll send
email to will support TLSv1.2, and in fact we've recent interoperability
issues that mean you're better off with TLSv1 for now.

A TLSv1.2-capable system will typically still negotiate CBC ciphers.

If you want to avoid CBC, you could put RC4-128 at a higher preference
than all other ciphers. This is tricky to get right with OpenSSL 0.9.8,
and it is unlikely to be worth the effort and high probability of
getting wrong, or forgetting to turn it off when it is no longer
needed...

Chosen-plaintext attacks on CBC are not a realistic issue with SMTP. Far
more likely, someone will attack the DNS, and the fact that most
destinations have no SSL support or have self-signed certs.

-- 
        Viktor.
