[Ach] disable SSLv2 + SSLv3 howto
Hanno Böck
hanno at hboeck.de
Wed Oct 15 15:18:02 CEST 2014
Am Wed, 15 Oct 2014 15:00:12 +0200
schrieb Aaron Zauner <azet at azet.org>:
> We're currently having a discussion on the IETF UTA WG on the topic,
> the postfix maintainer is arguing that disabling RC4, SSLv3 etc will
> cause plaintext fallback for MTA<->MTA traffic. Which is - as far as
> I can tell - correct for servers that do not support TLS properly (or
> legacy clients).
I'm confused by this statement.
We're talking about MTA<->MTA - that is SMTP. SMTP uses STARTTLS. SSLv3
doesn't support STARTTS, right?
This argument would make some sense for RC4 etc., but not for SSLv3.
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20141015/ed9fa956/attachment.sig>
More information about the Ach
mailing list