On 12 Oct 2018, at 23:04, Peter wrote:

Issue #1 the use of TLSv1.0.  Unless I'm mistaken the only actual
vulnerability to TLSv1.0 is BEAST, which can be (and likely is)
mitigated client-side, so if your version of openssl mitigates BEAST
then TLSv1.0 should actually be safe to use as a client. Using it as a
server will depend on whether or not the connecting client has mitigated
BEAST.

There's also POODLE in some TLS implementations and a weaker set of ciphersuites.

Both known 'name' attacks on TLSv1.0 are logistically challenging to mount and unlikely to ever be aimed at SMTP+TLS traffic and so are a negligible risk, but that overlooks some significant issues:

1. If an implementation can't do better than TLSv1.0, it is old and ill-maintained and has a substantial risk of having unknown or lesser-known vulnerabilities that can't be mitigated by a lenient partner running the latest and greatest implementation.

2. As TLSv1.0 is increasingly abandoned by both TLS implementations and in operational configurations, novel vulnerabilities in the old protocol are more likely to remain covert and hence highly useful, especially if they are less painful to exploit than BEAST or POODLE.

--
Bill Cole
