Lars Heide:
> But let's disregard POODLE for the moment, does postfix handle
> "inappropriate fallback" errors in any way, or does it also fall
> back to unencrypted traffic?
If you configure "mandatory" TLS, Postfix will not use plaintext. Otherwise, Postfix will use plaintext when the server does not announce STARTTLS, or when the server announces STARTTLS but TLS does not work for any reason.

There currently is a draft design that gives more control. To give a very simple example:

TLS without fallback:

    tls_security_levels = encrypt, none

This uses plaintext only if the server does not announce STARTTLS.

TLS with plaintext fallback:

    tls_security_levels = encrypt:none, none

This uses plaintext when the server does not announce STARTTLS, or when the server announces STARTTLS but TLS does not work for any reason.

The draft supports more (tlsa, verify, fingerprint) but that would require too much explanation.

	Wietse
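The following is an added illustration, not Postfix code and not part of the original thread: a small Python model of how the two draft `tls_security_levels` settings above would decide between TLS, plaintext and deferral for one delivery attempt. The reading that the first comma-separated slot applies when the server announces STARTTLS and the second when it does not, with colons separating fallback levels inside a slot, is an assumption drawn from the two examples in the message.

```python
# Model of the fallback semantics described for the *draft*
# tls_security_levels setting (assumed two-slot reading):
#
#   tls_security_levels = <levels if STARTTLS offered>, <levels if not offered>
#
# Each slot is a colon-separated chain tried left to right.
# "encrypt" needs a working TLS handshake; "none" means plaintext.


def parse_levels(value):
    """'encrypt:none, none' -> (['encrypt', 'none'], ['none'])"""
    slots = [s.strip() for s in value.split(",")]
    if len(slots) != 2:
        raise ValueError("expected two comma-separated slots")
    return tuple([lvl.strip() for lvl in slot.split(":")] for slot in slots)


def delivery_outcome(value, starttls_offered, handshake_ok):
    """Return 'tls', 'plaintext' or 'defer' for a single delivery attempt."""
    with_starttls, without_starttls = parse_levels(value)
    chain = with_starttls if starttls_offered else without_starttls
    for level in chain:
        if level == "none":
            return "plaintext"
        if level == "encrypt":
            if starttls_offered and handshake_ok:
                return "tls"
            continue  # this level failed; try the next fallback, if any
        raise ValueError("level not modelled here: " + level)
    return "defer"  # no acceptable level left: mail stays queued


if __name__ == "__main__":
    # Constructed scenarios: the interesting row is a server that offers
    # STARTTLS but whose handshake fails (what a downgrade attempt looks like).
    for policy in ("encrypt, none", "encrypt:none, none"):
        for offered, ok in ((True, True), (True, False), (False, False)):
            print(f"{policy:20} STARTTLS={offered!s:5} handshake_ok={ok!s:5} "
                  f"-> {delivery_outcome(policy, offered, ok)}")
```

With "encrypt, none" a failed handshake defers the mail, while "encrypt:none, none" delivers it in plaintext; that difference is the whole point of the "without fallback" example.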