Public bug reported:

According to testssl, postfix is vulnerable to "Secure Client-Initiated Renegotiation" DoS, and there seems to be no obvious way to change this using configuration:

testssl@sendar:~$ ./testssl.sh -t smtp 127.0.0.1:25
...
 Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), DoS threat

1) root@sendar:/home/lilux/alain# lsb_release -rd
Description:    Ubuntu 14.04.4 LTS
Release:        14.04

2) root@sendar:/home/lilux/alain# apt-cache policy postfix
postfix:
  Installed: 2.11.0-1ubuntu1
  Candidate: 2.11.0-1ubuntu1
  Version table:
 *** 2.11.0-1ubuntu1 0
        500 http://de.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.11.0-1 0
        500 http://de.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

3) What I expected to happen
Postfix should either be resilient to this out of the box, or there should be a config option to make it so

4) What happened instead
Postfix is vulnerable to this condition, without an obvious way to change this using configuration.

** Affects: postfix (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1591706

Title:
  postfix is vulnerable to "Secure Client-Initiated Renegotiation" DoS
  according to testssl