On 10.11.2014 at 16:23, Viktor Dukhovni wrote:
> On Mon, Nov 10, 2014 at 09:28:17AM +0100, Lars Heide wrote:
>
>>> Was there a prior connection shortly before that where the handshake
>>> failed for some other reason?
>>
>> No, there is no prior connection according to our logs, which is
>> strang
On Mon, Nov 10, 2014 at 09:28:17AM +0100, Lars Heide wrote:
> > Was there a prior connection shortly before that where the handshake
> > failed for some other reason?
>
> No, there is no prior connection according to our logs, which is
> strange, now that you mention it.
A possible cause is that
On 07.11.2014 at 16:00, Viktor Dukhovni wrote:
>
> Was there a prior connection shortly before that where the handshake
> failed for some other reason?
No, there is no prior connection according to our logs, which is
strange, now that you mention it.
>
>> They use Kerio Connect 8.4.0 RC 1. Accord
On Fri, Nov 07, 2014 at 10:17:40AM +0100, Lars Heide wrote:
> > Please post more detailed logging for this. Was this logged by
> > your postfix/smtpd SMTP server or by the postfix/smtp SMTP client?
> > Any idea what software the other end was using? ...
>
> Logged by postfix SMTP server (I redac
On 06.11.2014 at 17:00, Wietse Venema wrote:
> Otherwise, Postfix will use plaintext when the server does not
> announce STARTTLS, or when the server announces STARTTLS but TLS
> does not work for any reason.
Thank you, that (together with Viktor's answer below) answers my questions.
> There curr
Lars Heide:
> But let's disregard POODLE for the moment, does postfix handle
> "inappropriate fallback" errors in any way, or does it also fall
> back to unencrypted traffic?
If you configure "mandatory" TLS, Postfix will not use plaintext.
Otherwise, Postfix will use plaintext when the server does
On Thu, Nov 06, 2014 at 03:08:47PM +0100, Lars Heide wrote:
> does anybody know how postfix handles a detected MITM attack based on
> POODLE?
POODLE, SSL 3.0 and more generally the "TLS_FALLBACK_SCSV" have
nothing to do with how Postfix handles TLS errors. There is not,
need not, and will not be
The specific POODLE attack is only an example that applies to
web-connections, referencing it is therefore misleading, but the
underlying flaw affects all SSLv3 traffic AFAIK.
The paper by Google ( https://www.openssl.org/~bodo/ssl-poodle.pdf ) states:
"we discuss how attackers can [..] break the
On 06.11.2014 at 15:08, Lars Heide wrote:
does anybody know how postfix handles a detected MITM attack based on
POODLE?
It doesn't need to - read how it works and then imagine how it should be
possible to inject and execute JavaScript into the connection in case of
SMTP
Hi,
does anybody know how postfix handles a detected MITM attack based on
POODLE?
With the advent of the POODLE vulnerability, the implementation of
TLS_FALLBACK_SCSV in OpenSSL happened in order to mitigate MITM.
In case that an inappropriate fallback is detected, the SSL library
throws an erro
10 matches