On Wed, Sep 11, 2013 at 09:39:57PM +0200, DTNX Postmaster wrote:
> > This is more reasonable, provided systems you send mail to all
> > support TLSv1 and up. What fraction of outbound handshakes end up
> > with SSLv3?
>
> Outbound is an even smaller percentage of total TLS connections
> established in August; 0,0002%. Interestingly, they are both banks;
> one Dutch, and one Swiss. Both using SSLv3 with AES256-SHA, wouldn't
> be surprised if that means they are using the same brand of security
> product.
For many large organizations inbound and outbound email are handled
by completely separate infrastructure. Inbound mail is often first
received by various anti-spam appliances. Outbound mail often
bypasses these, and for bulk transactional mail, may be handled by
other appliances that handle deliverability tracking, ...
> The odd thing is that both banks drop to RC4-MD5 when sending to
> us. I've seen this on another product that we support ourselves as
> well; the Postfix client negotiates a higher protocol level and
> better cipher for outgoing mail than the server does for incoming
> mail. There is probably a good reason for this, but it feels to me
> like they should support the same protocol and cipher level regardless
> of direction?
I am not surprised.
> Re-enabled SSLv3 for incoming connections again, by the way;
> turns out that about half of those incoming connections are from
> an outsourcing firm that handles payment notifications for, yes,
> another Dutch bank. Sigh ;-)
As I mentioned, at this time, deprecating SSLv3 is most likely
counter-productive. I am hoping that in a couple of years it will
be a practical default for the SMTP client only, where you can
define exceptions for problem destinations via smtp_tls_policy_maps.
A polite note to their postmaster linking to this thread may
encourage them to start making plans to upgrade to inbound systems
that can support TLSv1 and up (strictly speaking the STARTTLS EHLO
response in SMTP promises support of TLS an IETF standard, not SSLv3).
--
Viktor.
