On Tue, May 14, 2013 at 02:03:44PM +0200, Andreas Schiermeier wrote:

> Thank you Wietse and Viktor for your clarifications.
>
> I admit, there's absolutely no need for the patch past Postfix 2.8 with
> OpenSSL 1.x.
The SSL_OP_NO_COMPRESSION control is not part of SSL_OP_ALL (bug-interop work-arounds enabled by default). Therefore, there is nothing in new releases of either OpenSSL or Postfix to disable compression. What Postfix 2.8 provides is the ability to turn off some work-arounds, which has no effect on compression (and thus "CRIME"). Before 2.8, all work-arounds were enabled.

Since your auditors want you to jump through hoops (for no reason) to disable compression, if you in fact must do this, just disable TLS support in Postfix; then SSL compression is no longer on their checklist.

Turning off CBC ciphers while leaving TLS enabled will just create a bunch of pain, as some sites turn off RC4 (which has its own flaws) and TLSv1.2 modes are still not universally supported. So your patch may apply to your site.

When I supported OpenSSL a few years back at my previous employer (we built from source), I always disabled compression at compile time (it never seemed like a good idea to me, and my uninformed bias was vindicated). That's another option.

Better than all of these is to talk to the auditor and explain that SMTP != HTTP, and CRIME is an attack on HTTP + SSL, not SMTP + SSL. SMTP with compression, then SSL, is far more secure than SMTP with no SSL at all, which they would not even notice, since most email is still not encrypted. Some auditors can be made to succumb to basic logic.

-- 
Viktor.
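Whichever option the site picks (compile OpenSSL without compression, drop TLS, or argue the auditor down), the practical question the checklist item boils down to is whether the SMTP server actually negotiates TLS-level compression. The following is an added example, not code from Viktor's message or from the Postfix project: a small POSIX shell helper that parses the session summary printed by `openssl s_client -starttls smtp` and reports the negotiated compression method. The function names and the two sample summaries are this example's own constructions; nothing here is captured from a real server.

```shell
#!/bin/sh
# Added example (not from the mailing-list post or the Postfix project):
# report whether an SMTP server negotiated TLS compression, based on the
# "Compression:" line in the session summary that "openssl s_client" prints.
# Function names are this example's own choices (assumptions, not Postfix API).

# Reads s_client output on stdin and prints exactly one of:
#   no-compression  summary shows "Compression: NONE"
#   compression     any other method was negotiated, e.g. "zlib compression"
#   unknown         no summary line at all, e.g. the handshake failed
tls_compression_status() {
    awk '
        /^[ \t]*Compression:/ {
            sub(/^[ \t]*Compression:[ \t]*/, "")
            if ($0 == "NONE") print "no-compression"; else print "compression"
            found = 1
            exit            # first summary line wins; END still runs
        }
        END { if (!found) print "unknown" }
    '
}

# Live check against an SMTP server (STARTTLS, port 25 unless given).
# Exit status: 0 = compression off, 1 = compression negotiated, 2 = undetermined.
check_smtp_compression() {
    host="$1"
    port="${2:-25}"
    status=$(openssl s_client -starttls smtp -connect "$host:$port" </dev/null 2>/dev/null \
             | tls_compression_status)
    case "$status" in
        no-compression) echo "$host:$port: TLS compression off"; return 0 ;;
        compression)    echo "$host:$port: TLS compression ON";  return 1 ;;
        *)              echo "$host:$port: could not determine"; return 2 ;;
    esac
}

# Constructed, abridged s_client summaries so the parser can be exercised
# offline; they are not captures from any real server.
SAMPLE_NO_COMP='---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Compression: 0 (NONE)
---'

SAMPLE_ZLIB='---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
---'

printf '%s\n' "$SAMPLE_NO_COMP" | tls_compression_status   # no-compression
printf '%s\n' "$SAMPLE_ZLIB"    | tls_compression_status   # compression
# Live use:  check_smtp_compression mail.example.com 25
```

Run it against a Postfix server built on an OpenSSL with compression compiled out (or one where TLS is off entirely) and the live check reports "compression off" or "could not determine" respectively; that output is the evidence the auditor is actually asking for, independent of any `tls_disable_workarounds` or cipher-list setting, which, as noted above, do not touch compression.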