Re: [mailop] TLS/SSL DROWN attack with respect to email servers
On Wed, Mar 2, 2016 at 5:29 PM, Brandon Long wrote: > I thought that POODLE required a specific type of fallback that tended to > be browser specific (ie, prevent a tls connection, forcing the browser to > fall back to a ssl3 connection), do any smtp servers actually do that? > Re-negotiation is part of SSL/TLS I believe, so once STARTTLS is initiated, I believe you can create the right conditions to fall back to SSLv3. This tool is cool for finding issues on mail servers https://ssl-tools.net/mailservers ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] TLS/SSL DROWN attack with respect to email servers
I thought that POODLE required a specific type of fallback that tended to be browser specific (ie, prevent a tls connection, forcing the browser to fall back to a ssl3 connection), do any smtp servers actually do that? looks like we're down to small enough ssl3 we could disable it, though. Almost all of our ssl3 comes from badoo.com, never heard of it. Who hasn't already disabled ssl2? I'm kind of shocked at their numbers. Brandon (not a security expert) On Wed, Mar 2, 2016 at 4:09 PM, Franck Martin via mailop wrote: > Disable SSLv3 too, because of Poodle. > > We will need to get rid of RC4, unfortunately this is the only cypher some > old exchange machines understand. Also falling back to clear text from > STARTTLS is more and more frowned upon. > > On Wed, Mar 2, 2016 at 1:45 PM, Matthew Huff wrote: > >> If your mail server still is advertising SSLv2, you SSL private key may >> be vulnerable. >> >> >> https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack >> >> What's worse, if you are using a wildcard cert, then any other server >> that is using the same cert can be trivially decrypted even if that server >> is only using TLS1.2 and strong cyphers. >> >> I know that there are a number of broken email servers that will bounce >> mail if TLS is negotiated but they can't negotiate older SSL or weaker >> cyphers, but it's probably a good idea to either: 1) Disable TLS, or 2) >> Disable SSLv2 >> >> >> Matthew Huff | 1 Manhattanville Rd >> Director of Operations | Purchase, NY 10577 >> OTA Management LLC | Phone: 914-460-4039 >> aim: matthewbhuff| Fax: 914-694-5669 >> >> >> >> ___ >> mailop mailing list >> mailop@mailop.org >> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >> > > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] TLS/SSL DROWN attack with respect to email servers
Disable SSLv3 too, because of Poodle. We will need to get rid of RC4, unfortunately this is the only cypher some old exchange machines understand. Also falling back to clear text from STARTTLS is more and more frowned upon. On Wed, Mar 2, 2016 at 1:45 PM, Matthew Huff wrote: > If your mail server still is advertising SSLv2, you SSL private key may be > vulnerable. > > https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack > > What's worse, if you are using a wildcard cert, then any other server that > is using the same cert can be trivially decrypted even if that server is > only using TLS1.2 and strong cyphers. > > I know that there are a number of broken email servers that will bounce > mail if TLS is negotiated but they can't negotiate older SSL or weaker > cyphers, but it's probably a good idea to either: 1) Disable TLS, or 2) > Disable SSLv2 > > > Matthew Huff | 1 Manhattanville Rd > Director of Operations | Purchase, NY 10577 > OTA Management LLC | Phone: 914-460-4039 > aim: matthewbhuff| Fax: 914-694-5669 > > > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] TLS/SSL DROWN attack with respect to email servers
If your mail server still is advertising SSLv2, you SSL private key may be vulnerable. https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack What's worse, if you are using a wildcard cert, then any other server that is using the same cert can be trivially decrypted even if that server is only using TLS1.2 and strong cyphers. I know that there are a number of broken email servers that will bounce mail if TLS is negotiated but they can't negotiate older SSL or weaker cyphers, but it's probably a good idea to either: 1) Disable TLS, or 2) Disable SSLv2 Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-694-5669 ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop