[Ach] disable SSLv2 + SSLv3 howto

Hanno Böck hanno at hboeck.de
Wed Oct 15 15:18:02 CEST 2014

Am Wed, 15 Oct 2014 15:00:12 +0200
schrieb Aaron Zauner <azet at azet.org>:

> We're currently having a discussion on the IETF UTA WG on the topic,
> the postfix maintainer is arguing that disabling RC4, SSLv3 etc will
> cause plaintext fallback for MTA<->MTA traffic. Which is - as far as
> I can tell - correct for servers that do not support TLS properly (or
> legacy clients).

I'm confused by this statement.

We're talking about MTA<->MTA - that is SMTP. SMTP uses STARTTLS. SSLv3
doesn't support STARTTS, right?

This argument would make some sense for RC4 etc., but not for SSLv3.

Hanno Böck

mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20141015/ed9fa956/attachment.sig>

More information about the Ach mailing list