[Ach] disable SSLv2 + SSLv3 howto

Aaron Zauner azet at azet.org
Wed Oct 15 15:22:11 CEST 2014


You're right, my fault!

STARTTLS wasn't available with SSLv3; his statement was more general and
related to 'opportunistic' encryption.
Not sure why I was thinking that it's possible to establish SMTP via SSLv3
directly.

Aaron

On Wed, Oct 15, 2014 at 3:18 PM, Hanno Böck <hanno at hboeck.de> wrote:

> On Wed, 15 Oct 2014 15:00:12 +0200,
> Aaron Zauner <azet at azet.org> wrote:
>
> > We're currently having a discussion on the IETF UTA WG on the topic,
> > the postfix maintainer is arguing that disabling RC4, SSLv3 etc will
> > cause plaintext fallback for MTA<->MTA traffic. Which is - as far as
> > I can tell - correct for servers that do not support TLS properly (or
> > legacy clients).
>
> I'm confused by this statement.
>
> We're talking about MTA<->MTA - that is SMTP. SMTP uses STARTTLS. SSLv3
> doesn't support STARTTLS, right?
>
> This argument would make some sense for RC4 etc., but not for SSLv3.
>
> --
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: hanno at hboeck.de
> GPG: BBB51E42