Hi,

does anybody know how Postfix handles a detected MITM attack based on
POODLE?

With the advent of the POODLE vulnerability, the implementation of
TLS_FALLBACK_SCSV in OpenSSL happened in order to mitigate MITM.

In case an inappropriate fallback is detected, the SSL library
throws an error, like:

TLS library problem: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback

I saw this happen in one of our logs with the connection from another
MTA. What was worrying at that point is that the MTA fell back to
unencrypted traffic, even though the error was (at least in theory) a
clear indication of MITM.

So how does Postfix handle this error?

Should Postfix maybe close the connection and consider this a temporary
error? Like a 451?

Lars


------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
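
A log check for the pattern described in the post, added here as an example (not code from the post or from Postfix): it reports mail accepted without TLS from a client whose earlier handshake failed with "inappropriate fallback". The function name and the sample log lines are constructed, and it assumes smtpd_tls_loglevel is at least 1 so that established TLS sessions are logged.

```python
import re

# Constructed sample in the usual Postfix smtpd syslog layout (not from the post).
SAMPLE_LOG = """\
Oct 20 10:00:01 mx postfix/smtpd[4101]: connect from mta.example.net[192.0.2.10]
Oct 20 10:00:01 mx postfix/smtpd[4101]: warning: TLS library problem: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback
Oct 20 10:00:01 mx postfix/smtpd[4101]: lost connection after STARTTLS from mta.example.net[192.0.2.10]
Oct 20 10:00:01 mx postfix/smtpd[4101]: disconnect from mta.example.net[192.0.2.10]
Oct 20 10:00:05 mx postfix/smtpd[4102]: connect from mta.example.net[192.0.2.10]
Oct 20 10:00:05 mx postfix/smtpd[4102]: 3F2A1C0042: client=mta.example.net[192.0.2.10]
Oct 20 10:00:06 mx postfix/smtpd[4102]: disconnect from mta.example.net[192.0.2.10]
Oct 20 10:01:00 mx postfix/smtpd[4103]: connect from ok.example.org[198.51.100.7]
Oct 20 10:01:00 mx postfix/smtpd[4103]: Anonymous TLS connection established from ok.example.org[198.51.100.7]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 20 10:01:01 mx postfix/smtpd[4103]: 7B1D9C0043: client=ok.example.org[198.51.100.7]
Oct 20 10:01:01 mx postfix/smtpd[4103]: disconnect from ok.example.org[198.51.100.7]
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
PEER = re.compile(r"\[([0-9a-fA-F.:]+)\]")
QUEUED = re.compile(r"^([0-9A-Za-z]+): client=")

def plaintext_after_fallback(log_text):
    """Return (client_ip, queue_id) for each message accepted without TLS from
    a client whose earlier handshake failed with 'inappropriate fallback'."""
    sessions = {}    # smtpd pid -> state of the session currently in progress
    flagged = set()  # client IPs that triggered the TLS_FALLBACK_SCSV alert
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith("connect from "):
            peer = PEER.search(msg)
            if peer:
                sessions[pid] = {"ip": peer.group(1), "tls": False}
            continue
        s = sessions.get(pid)
        if s is None:
            continue
        if "inappropriate fallback" in msg:
            flagged.add(s["ip"])
        elif "TLS connection established from" in msg:
            s["tls"] = True
        elif (q := QUEUED.match(msg)) and not s["tls"] and s["ip"] in flagged:
            findings.append((s["ip"], q.group(1)))
        elif msg.startswith("disconnect from "):
            del sessions[pid]
    return findings
```

On the sample, only the second connection from 192.0.2.10 is reported; the client that completed a TLS handshake is not.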
