On Fri, Aug 08, 2014 at 03:36:51PM +0200, Reindl Harald wrote:
>
> On 08.08.2014 at 15:21, Nikos Mavrogiannopoulos wrote:
> > Postfix is a different kind of beast though. It does not typically use
> > TLS, but uses some kind of opportunistic security that allows anonymous
> > ciphersuites. So it's a bit hard to enforce anything there, as
> > man-in-the-middle attacks are possible by design
>
> and keep in mind in case of opportunistic TLS if you restrict
> ciphers and the SMTP client doesn't support what you offer it
> falls back to completely plaintext which defeats the intention

Falling back to an insecure cipher only provides a false sense of security
which isn't any better than plaintext.

-- Eric

--------------------------------------------------
Eric "Sparks" Christensen
Red Hat, Inc - Product Security
sparks@xxxxxxxxxx - sparks@xxxxxxxxxxxxxxxxx
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
--------------------------------------------------
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security