[Ach] BetterCrypto guide - POSTFIX configuration mistake / missing parameter

Christian Fischer christian.fischer at greenbone.net
Sat Oct 15 14:54:06 CEST 2016


thanks for letting us know. Just want to give some more details on this:

On 10/15/2016 10:48 AM, Sebastian wrote:
> Seems they know about the issue and are planning to fix it. But it seems
> it is planned to completely drop the check for old ciphers on
> mailservers.

In general its not planned to completely drop the check for old ciphers
on mail servers. As explained at the linked OpenVAS mailinglist the
first step is to not mark other servers then Webservers vulnerable for
the HTTP(S) only attacks like BEAST, Lucky13 and Sweet32.

There will be also some reworks on the reporting of SSL issues itself in
OpenVAS. After this is finished the finial step is to not mark MTAs with
opportunistic TLS as running with weak ciphers.



Christian Fischer | Greenbone Networks GmbH | http://greenbone.net
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

More information about the Ach mailing list