Jared Johnson wrote:
I ... disagree. From my reading of plugins/tls, it looks like there is
no problem at all, in the non-async code path. It resets STDIN and
STDOUT to a socket created from scratch by the IO::Socket::SSL module.
I haven't looked at IO::Socket::SSL to see if it has this sort
I've been otherwise occupied but I forwarded this to the rest of our dev
team and our resident security guru had this to say
Original Message
Subject: Re: [Fwd: STARTTLS vulnerabilty and qmail-spamcontrol ucspi-ssl
qpsmtpd]
From:Peter