On Wed, Oct 15, 2014 at 10:11:55PM -0600, LuKreme wrote:
> This is what my home connection to my server looks like:
>
> submit-tls/smtpd[10060]: xx.xx.xx.xx: reloaded session
> EB75...&s=submission&l=268439711 from smtpd cache
> submit-tls/smtpd[10060]: SSL_accept:SSLv3 read client hello A
> sub
On 15 Oct 2014, at 11:08 , Mike Cardwell wrote:
> I'd be interested to hear figures regarding how much traffic would
> change from being encrypted to plain text if SSLv3 was dropped for
> SMTP...
Well, my server has it enabled and it's used. I don't think there's a problem
with it for smtpd.
Th
li...@rhsoft.net:
> the problem is that way too many developers out there are unwilling to
> draw a line between core functions / security and other changes
> affecting the user experience and postfix is *the* software project
> which proves over many years that you don't need to break anything
On 15.10.2014 at 20:04, Luigi Rosa wrote:
> Viktor Dukhovni wrote on 15/10/2014 19:58:
>> This might break support for older versions of Outlook/Outlook Express
>> (Windows XP?).
> That leads to another issue, probably a bit off-topic: which is better, good
> b
On 15.10.2014 at 19:58, Viktor Dukhovni wrote:
> If you disable SSL 3.0, you won't be able to complete TLS handshakes
> with some older, but still in use email security appliances (recent
> sightings of these at some banks on the list this year IIRC)
should not harm too much in opportunistic mode
Viktor Dukhovni wrote on 15/10/2014 19:58:
> This might break support for older versions of Outlook/Outlook Express
> (Windows XP?).
That leads to another issue, probably a bit off-topic: which is better, good
backward compatibility or good security?
I
On 15.10.2014 at 19:55, li...@rhsoft.net wrote:
>
> On 15.10.2014 at 19:36, Robert Schetterer wrote:
>> On 15.10.2014 at 19:23, li...@rhsoft.net wrote:
>>> anybody experience if Outlook 2003 at least under Win7 speaks TLS1.0
>>> out of the box
>>
>> that should be an exotic combi, but wait and
On Wed, Oct 15, 2014 at 05:53:31PM +0200, Luigi Rosa wrote:
> Just to be on the safe side, is it worth to disable SSL v3 on STARTTLS-enabled
> Postfix configurations?
The attacks in question are HTTP-specific, and apply primarily when
clients employ SSLv3 fallback after failing with TLS 1.2 or TL
On 15.10.2014 at 19:36, Robert Schetterer wrote:
> On 15.10.2014 at 19:23, li...@rhsoft.net wrote:
>> anybody experience if Outlook 2003 at least under Win7 speaks TLS1.0
>> out of the box
> that should be an exotic combi, but wait and see, I disabled today,
> perhaps somebody will want support
well
* on the Wed, Oct 15, 2014 at 07:18:54PM +0200, Luigi Rosa wrote:
>> I'd be interested to hear figures regarding how much traffic would change
>> from being encrypted to plain text if SSLv3 was dropped for SMTP...
>
> My humble opinion about the delta: zero.
>
> I prefer to disable SSLv3 to prev
li...@rhsoft.net:
>
> On 15.10.2014 at 17:53, Luigi Rosa wrote:
> > Just to be on the safe side, is it worth to disable SSL v3 on
> > STARTTLS-enabled
> > Postfix configurations?
> >
> > If yes, what is the proper way to do it?
>
> if you don't need to support really old clients
> smtpd_tls_pro
On 15.10.2014 at 19:23, li...@rhsoft.net wrote:
> anybody experience if Outlook 2003 at least under Win7 speaks TLS1.0
> out of the box
that should be an exotic combi, but wait and see, I disabled today,
perhaps somebody will want support
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http
On 15.10.2014 at 19:18, Luigi Rosa wrote:
> Mike Cardwell wrote on 15/10/2014 19:08:
>> I'd be interested to hear figures regarding how much traffic would change
>> from being encrypted to plain text if SSLv3 was dropped for SMTP...
> My humble opinion about the delta: zero.
> I prefer to disable SSLv
Mike Cardwell wrote on 15/10/2014 19:08:
> I'd be interested to hear figures regarding how much traffic would change
> from being encrypted to plain text if SSLv3 was dropped for SMTP...
My humble opinion about the delta: zero.
I prefer to disable S
* on the Wed, Oct 15, 2014 at 05:53:31PM +0200, Luigi Rosa wrote:
> Just to be on the safe side, is it worth to disable SSL v3 on STARTTLS-enabled
> Postfix configurations?
FWIW, I don't think POODLE would work against SMTP traffic. POODLE
relies on a MITM being able to persuade the client to sen
li...@rhsoft.net wrote on 15/10/2014 17:57:
> if you don't need to support really old clients smtpd_tls_protocols =
> !SSLv2 !SSLv3
Thanks!
Ciao,
luigi
- --
/
+--[Luigi Rosa]--
\
God isn't dead, he just couldn't find a parking place.
On 15.10.2014 at 17:53, Luigi Rosa wrote:
> Just to be on the safe side, is it worth to disable SSL v3 on STARTTLS-enabled
> Postfix configurations?
> If yes, what is the proper way to do it?
if you don't need to support really old clients
smtpd_tls_protocols = !SSLv2 !SSLv3