Re: Impact of SSL renegotiation attacks on SMTP mail - REMOTE system compatibility with openssl 0.9.8l

2009-11-26 Thread Victor Duchovni
On Thu, Nov 26, 2009 at 04:21:29PM +0100, gmx wrote: > Anybody on the list has practical experience - e.g. > 4) with MS-Outlook and > 5) Thunderbird directly connecting to postfix or > 6) MS-Exchange > 7) Any of the usual gateway suspects like IronPort, Borderware, ... > or does any of them regul

Re: Impact of SSL renegotiation attacks on SMTP mail - REMOTE system compatibility with openssl 0.9.8l

2009-11-26 Thread gmx
>> 1) will >> a) smtpd_tls_ask_ccert, >> b) smtpd_tls_wrappermode, >> c) smtpd_use_tls, >> d) smtpd_enforce_tls >> still work with the new openssl 0.9.8l >> http://marc.info/?l=openssl-users&m=125751806022186&w=2 ? > 2) should I upgrade the openssl on the MTA to that version? > > They w

Re: Impact of SSL renegotiation attacks on SMTP mail

2009-11-26 Thread Wietse Venema
gmx: > In-Reply-To-Message-ID: 20091109012901.6d90f1f3...@spike.porcupine.org > > Hi Wietse and Victor, > > Thank you very much for your analyses > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 . > > As a practitioner, the following question arises as we are in a business > partne

Re: Impact of SSL renegotiation attacks on SMTP mail

2009-11-09 Thread Dhiraj Chatpar
I am not able to install this which i used to in debian.. i am now using centos. can you please tell me how to install apt-get install libnet-server-perl on centos? Samuel Goldwyn - "I'm willing to admit that I may not always be rig

Re: Impact of SSL renegotiation attacks on SMTP mail

2009-11-09 Thread Wietse Venema
Andrzej Kuku??a: > On Mon, Nov 9, 2009 at 02:29, Wietse Venema wrote: > > Last week there was big news about a security hole in the TLS > > protocol that allows a man-in-the-middle to prepend data to a > > fully-secure TLS session. > > Thank you both gentlemen for your hard work on this. I've got

Re: Impact of SSL renegotiation attacks on SMTP mail

2009-11-09 Thread Andrzej KukuĊ‚a
On Mon, Nov 9, 2009 at 02:29, Wietse Venema wrote: > Last week there was big news about a security hole in the TLS > protocol that allows a man-in-the-middle to prepend data to a > fully-secure TLS session. Thank you both gentlemen for your hard work on this. I've got possibly lame question. I as

Impact of SSL renegotiation attacks on SMTP mail

2009-11-08 Thread Wietse Venema
Last week there was big news about a security hole in the TLS protocol that allows a man-in-the-middle to prepend data to a fully-secure TLS session. That is, the server certificate verifies, and therefore no-one can read or modify the network traffic. Or so we thought. http://www.ietf.org/mail-a