[Ach] DROWN Attack
L. Aaron Kaplan
aaron at lo-res.org
Tue Mar 1 21:08:43 CET 2016
> On 01.03.2016, at 20:59, Sebastian <sebix at sebix.at> wrote:
>
> Hi,
>
> Currently, for mailservers we allow SSL for opportunistic TLS encryption
> between mailservers. For all other cases, SSL is disabled.
> I think we should at least disallow SSLv2 for mta traffic, as SSLv2 and
> SSLv3 are nearly equally available.
;) That is what i just said.
Working in that section.
So the motto "any encryption is better than none for opportunistic TLS MTA 2 MTA communication" seems to be wrong.
In fact, turning on SSLv2 makes it worse.
Best,
Aaron.
>
> Sebastian
>
>> On 03/01/2016 08:14 PM, Torge Riedel wrote:
>> Hi list,
>>
>> is it worth to add/merge recommendations from
>>
>> https://drownattack.com/
>>
>> to the ACH configuration?
>>
>> Related article (in German):
>> http://www.heise.de/newsticker/meldung/DROWN-Angriff-SSL-Protokoll-aus-der-Steinzeit-wird-Servern-zum-Verhaengnis-3121121.html?wt_mc=rss.ho.beitrag.atom
>>
>> I apologize if ACH configuration is already up-to-date, I didn't
>> checked. Too busy.
>>
>> Regards
>> Torge
>> _______________________________________________
>> Ach mailing list
>> Ach at lists.cert.at
>> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>>
>> --
>> python programming - mail server - photo - video - https://sebix.at
>> cryptographic key at https://sebix.at/DC9B463B.asc and on public keyservers
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
More information about the Ach
mailing list