On 2024-11-22 at 07:09:06 UTC-0500 (Fri, 22 Nov 2024 13:09:06 +0100)
Matus UHLAR - fantomas via Postfix-users <uh...@fantomas.sk>
is rumored to have said:
IIUC, as CBC ciphers are unsafe,
On 22.11.24 13:01, Bill Cole via Postfix-users wrote:
What is your basis for understanding that, in regards to SMTP?
Nothing, just remembered there were problems related to CBC mode, without
details. These links explain it nicely.
The HTTP-relevant attacks (e.g. BEAST) I am aware of on CBC
ciphersuites are infeasible against SMTP and similar protocols.
https://marc.info/?l=postfix-users&m=133649211220443&w=2
https://success.qualys.com/discussions/s/question/0D52L00004TntrHSAR/weak-cbc-mode-vulnerability-on-smtp&ved=2ahUKEwjV6r-IwfCJAxULj4kEHV_wJGUQFnoECC4QAQ&usg=AOvVaw3-avte1ZFDupDEI4r7shA1
https://blog.qualys.com/product-tech/2011/10/17/mitigating-the-beast-attack-on-tls#comment-8481
Thanks.
Now I'm searching for the proper smtpd_tls_exclude_ciphers setting to get at
least some, possibly most secure ciphers of those provided in my first mail.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
