[Ach] disable SSLv2 + SSLv3 howto
azet at azet.org
Wed Oct 15 15:22:11 CEST 2014
You're right, my fault!
STARTTLS wasn't available with SSLv3, his statement was more general and
related to 'opportunistic' encryption.
Not sure why I was thinking that it's possible to establish SMTP via SSLv3
On Wed, Oct 15, 2014 at 3:18 PM, Hanno Böck <hanno at hboeck.de> wrote:
> Am Wed, 15 Oct 2014 15:00:12 +0200
> schrieb Aaron Zauner <azet at azet.org>:
> > We're currently having a discussion on the IETF UTA WG on the topic,
> > the postfix maintainer is arguing that disabling RC4, SSLv3 etc will
> > cause plaintext fallback for MTA<->MTA traffic. Which is - as far as
> > I can tell - correct for servers that do not support TLS properly (or
> > legacy clients).
> I'm confused by this statement.
> We're talking about MTA<->MTA - that is SMTP. SMTP uses STARTTLS. SSLv3
> doesn't support STARTTS, right?
> This argument would make some sense for RC4 etc., but not for SSLv3.
> Hanno Böck
> mail/jabber: hanno at hboeck.de
> GPG: BBB51E42
> Ach mailing list
> Ach at lists.cert.at
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ach