On 12 Apr 2014, at 19:39, Rick Zeman wrote:
It's
an Apple server so it uses its own "goto fail" TLS library, and only
has an older version of openssl (0.9.8y) on it so I'm safe--from this,
at least.
Not even wrong. :)
The "goto fail" bug was in Apple's own TLS implementation named "Secure
Transport" which has nothing to do with any version of OpenSSL or
Postfix. Secure Transport is an alternative to OpenSSL, not a supplement
to it.
Postfix as shipped by Apple is a customized variant, but not so
customized as to be using Secure Transport instead of OpenSSL. People
whose knowledge surpasses mine claim that Secure Transport is unfit for
a robust server and whether or not that is so, replacing one TLS
implementation with another isn't simple. Secure Transport is an
alternative to OpenSSL, not a drop-in replacement. Postfix is one of the
reasons Apple still includes the latest release of OpenSSL 0.9.8 in
MacOS X. Apache httpd is another.
It is fairly common on MacOS X servers to disable Apple's customized
variants of OSS like Postfix (which are typically forked from older
versions) and instead use instances built from the original
distributions of current versions. That usually includes alternative
instances of all of the infrastructure like OpenSSL. I can say with 100%
certainty that there were MacOS X servers set up like that which spent
some time vulnerable to Heartbleed, not just on port 443 for https, but
also on ports using post-connection TLS initiation (e.g. SMTP's
"STARTTLS") handled by packages including Postfix and Dovecot.
In short: Yes, Postfix smtpd can be vulnerable to Heartbleed. One MacOS
X it won't be by default because Apple's fork is built against OpenSSL
0.9.8, but it can be if you've replaced the Apple version with something
more modern.
