Just to be on the safe side, is it worth disabling SSL v3 on STARTTLS-enabled
Postfix configurations?
If yes, what is the proper way to do it?
Thank you in advance.
Ciao,
luigi
- --
/
+--[Luigi Rosa]--
\
Computer Engineers do it bit by bit
On 15.10.2014 at 17:53, Luigi Rosa wrote:
Just to be on the safe side, is it worth disabling SSL v3 on STARTTLS-enabled
Postfix configurations?
If yes, what is the proper way to do it?
if you don't need to support really old clients
smtpd_tls_protocols = !SSLv2 !SSLv3
li...@rhsoft.net wrote on 15/10/2014 17:57:
if you don't need to support really old clients
smtpd_tls_protocols = !SSLv2 !SSLv3
Thanks!
Ciao,
luigi
- --
/
+--[Luigi Rosa]--
\
God isn't dead, he just couldn't find a parking place.
* on the Wed, Oct 15, 2014 at 05:53:31PM +0200, Luigi Rosa wrote:
Just to be on the safe side, is it worth disabling SSL v3 on STARTTLS-enabled
Postfix configurations?
FWIW, I don't think POODLE would work against SMTP traffic. POODLE
relies on a MITM being able to persuade the client to send
Mike Cardwell wrote on 15/10/2014 19:08:
I'd be interested to hear figures regarding how much traffic would change
from being encrypted to plain text if SSLv3 was dropped for SMTP...
My humble opinion about the delta: zero.
I prefer to disable
On 15.10.2014 at 19:18, Luigi Rosa wrote:
Mike Cardwell wrote on 15/10/2014 19:08:
I'd be interested to hear figures regarding how much traffic would change
from being encrypted to plain text if SSLv3 was dropped for SMTP...
My humble opinion about the delta: zero.
I prefer to disable
On 15.10.2014 at 19:23, li...@rhsoft.net wrote:
anybody experience if Outlook 2003 at least under Win7 speaks TLS1.0
out of the box
that should be an exotic combi, but wait and see i disabled today,
perhaps somebody will want support
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
li...@rhsoft.net:
On 15.10.2014 at 17:53, Luigi Rosa wrote:
Just to be on the safe side, is it worth disabling SSL v3 on
STARTTLS-enabled
Postfix configurations?
If yes, what is the proper way to do it?
if you don't need to support really old clients
smtpd_tls_protocols
* on the Wed, Oct 15, 2014 at 07:18:54PM +0200, Luigi Rosa wrote:
I'd be interested to hear figures regarding how much traffic would change
from being encrypted to plain text if SSLv3 was dropped for SMTP...
My humble opinion about the delta: zero.
I prefer to disable SSLv3 to prevent a
On 15.10.2014 at 19:36, Robert Schetterer wrote:
On 15.10.2014 at 19:23, li...@rhsoft.net wrote:
anybody experience if Outlook 2003 at least under Win7 speaks TLS1.0
out of the box
that should be an exotic combi, but wait and see i disabled today,
perhaps somebody will want support
well
On Wed, Oct 15, 2014 at 05:53:31PM +0200, Luigi Rosa wrote:
Just to be on the safe side, is it worth disabling SSL v3 on STARTTLS-enabled
Postfix configurations?
The attacks in question are HTTP-specific, and apply primarily when
clients employ SSLv3 fallback after failing with TLS 1.2 or TLS
On 15.10.2014 at 19:55, li...@rhsoft.net wrote:
On 15.10.2014 at 19:36, Robert Schetterer wrote:
On 15.10.2014 at 19:23, li...@rhsoft.net wrote:
anybody experience if Outlook 2003 at least under Win7 speaks TLS1.0
out of the box
that should be an exotic combi, but wait and see i
Viktor Dukhovni wrote on 15/10/2014 19:58:
This might break support for older versions of Outlook/Outlook Express
(Windows XP?).
That leads to another issue, probably a bit offtopic: is better a good
backward compatibility or a good security?
I
On 15.10.2014 at 19:58, Viktor Dukhovni wrote:
If you disable SSL 3.0, you won't be able to complete TLS handshakes
with some older, but still in use email security appliances (recent
sightings of these at some banks on the list this year IIRC)
should not harm too much in opportunistic mode,
On 15.10.2014 at 20:04, Luigi Rosa wrote:
Viktor Dukhovni wrote on 15/10/2014 19:58:
This might break support for older versions of Outlook/Outlook Express
(Windows XP?).
That leads to another issue, probably a bit offtopic: is better a good
li...@rhsoft.net:
the problem is that way too many developers out there are unwilling to
draw a line between core functions / security and other changes
affecting the user experience and postfix is *the* software project
which proves over many years that you don't need to break anything
On 15 Oct 2014, at 11:08 , Mike Cardwell post...@lists.grepular.com wrote:
I'd be interested to hear figures regarding how much traffic would
change from being encrypted to plain text if SSLv3 was dropped for
SMTP...
Well, my server has it enabled and it's used. I don't think there's a problem
On Wed, Oct 15, 2014 at 10:11:55PM -0600, LuKreme wrote:
This is what my home connection to my server looks like:
submit-tls/smtpd[10060]: xx.xx.xx.xx: reloaded session
EB75...s=submissionl=268439711 from smtpd cache
submit-tls/smtpd[10060]: SSL_accept:SSLv3 read client hello A