[Ach] DROWN Attack
L. Aaron Kaplan
aaron at lo-res.org
Tue Mar 1 21:08:43 CET 2016
> On 01.03.2016, at 20:59, Sebastian <sebix at sebix.at> wrote:
> Currently, for mailservers we allow SSL for opportunistic TLS encryption
> between mailservers. For all other cases, SSL is disabled.
> I think we should at least disallow SSLv2 for mta traffic, as SSLv2 and
> SSLv3 are nearly equally available.
;) That is what i just said.
Working in that section.
So the motto "any encryption is better than none for opportunistic TLS MTA 2 MTA communication" seems to be wrong.
In fact, turning on SSLv2 makes it worse.
>> On 03/01/2016 08:14 PM, Torge Riedel wrote:
>> Hi list,
>> is it worth to add/merge recommendations from
>> to the ACH configuration?
>> Related article (in German):
>> I apologize if ACH configuration is already up-to-date, I didn't
>> checked. Too busy.
>> Ach mailing list
>> Ach at lists.cert.at
>> python programming - mail server - photo - video - https://sebix.at
>> cryptographic key at https://sebix.at/DC9B463B.asc and on public keyservers
> Ach mailing list
> Ach at lists.cert.at
More information about the Ach