On Mon, Nov 9, 2009 at 02:29, Wietse Venema <wie...@porcupine.org> wrote: > Last week there was big news about a security hole in the TLS > protocol that allows a man-in-the-middle to prepend data to a > fully-secure TLS session.
Thank you both gentlemen for your hard work on this. I've got possibly lame question. I assume STARTTLS is affected, but is also 'wrapper mode' vulnerable to this attack? I mean the mode in which client and server immediately estabilish encrypted channel, before issuing any SMTP command. Thanks, Andrzej Kukula
