[Ach] DROWN Attack

Sebastian sebix at sebix.at
Tue Mar 1 20:59:33 CET 2016


Hi,

Currently, for mailservers we allow SSL for opportunistic TLS encryption
between mailservers. For all other cases, SSL is disabled.
I think we should at least disallow SSLv2 for mta traffic, as SSLv2 and
SSLv3 are nearly equally available.

Sebastian

On 03/01/2016 08:14 PM, Torge Riedel wrote:
> Hi list,
>
> is it worth to add/merge recommendations from
>
> https://drownattack.com/
>
> to the ACH configuration?
>
> Related article (in German):
> http://www.heise.de/newsticker/meldung/DROWN-Angriff-SSL-Protokoll-aus-der-Steinzeit-wird-Servern-zum-Verhaengnis-3121121.html?wt_mc=rss.ho.beitrag.atom
>
> I apologize if ACH configuration is already up-to-date, I didn't
> checked. Too busy.
>
> Regards
> Torge
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
> -- 
> python programming - mail server - photo - video - https://sebix.at
> cryptographic key at https://sebix.at/DC9B463B.asc and on public keyservers

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20160301/24cde132/attachment.sig>


More information about the Ach mailing list