On Fri, Aug 08, 2014 at 02:32:17PM +0200, Gilles Chehade wrote:
> On Fri, Aug 08, 2014 at 02:31:35PM +0200, Johannes Löthberg wrote:
> > On 08/08, Gilles Chehade wrote:
> > >>With STARTTLS I believe there is a clear text race where an attacker can
> > >>create a response stating STARTTLS is unsupported resulting in
> > >>cleartext transmission which I believe would not be the case for smtps.
> > >>
> > >
> > >I have absolutely no idea what you're talking about :-/
> > >
> > 
> > When you connect to a mailserver without SMTPS you start in cleartext, and
> > that connection can be man-in-the-middle'd, which leads to the attacker
> > being able to make it appear so that the mailserver doesn't support
> > STARTTLS.
> > 
> > I've seen this in practice at my old school for one.
> > 
> 
> Yes, I know that :-)
> 
> But I don't understand why it is a problem.
> 
> OpenSMTPD does opportunistic-TLS and an attacker doing a MITM will only
> be able to skip STARTTLS in a situation where..., well... we would have
> fallen back to plaintext anyway if the server didn't offer STARTTLS.
> 
> If you want to enforce TLS relaying, you can add the "tls" parameter to
> the relay rule which will disable opportunistic-TLS and mandate it.
> 

While at it, SMTPS is deprecated; we only support it because it shares
100% of the TLS code with STARTTLS and because some clients still offer
an SMTPS auto-configuration. If it were only for me, we'd kiss smtps
goodbye.

-- 
Gilles Chehade

https://www.poolp.org                                 @poolpOrg

-- 
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]
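The exchange discussed in the quoted part of this thread, as an added example that is not from the thread or from OpenSMTPD's code: a constructed EHLO reply, the on-path rewrite that drops the `250-STARTTLS` line, and the client's decision under an opportunistic policy versus a mandatory one. The hostnames, the EHLO keywords and the policy names are made up for the illustration.

```python
"""STARTTLS stripping, simulated offline.

An on-path attacker rewrites the server's EHLO reply so STARTTLS is no
longer advertised. Whether that buys the attacker anything depends only
on the client's policy: an opportunistic client falls back to cleartext
(as it would against a server that never offered STARTTLS), a client
that mandates TLS refuses to continue. All data below is constructed.
"""

# Constructed EHLO reply from a server that offers STARTTLS.
SERVER_EHLO = [
    "250-mx.example.org Hello relay.example.net",
    "250-SIZE 36700160",
    "250-8BITMIME",
    "250-STARTTLS",
    "250 HELP",
]


def parse_ehlo(lines):
    """Return the set of EHLO keywords (upper-cased) in a multi-line 250
    reply. The first line is the greeting, not a capability. Raises on
    anything that is not a well-formed 250 reply."""
    caps = set()
    for i, line in enumerate(lines):
        if not line.startswith("250"):
            raise ValueError("unexpected EHLO reply: %r" % line)
        sep = line[3:4]
        if sep not in ("-", " "):
            raise ValueError("malformed reply line: %r" % line)
        words = line[4:].split()
        if i > 0 and words:
            caps.add(words[0].upper())
        if sep == " ":
            break  # "250 " marks the final line of the reply
    return caps


def mitm_strip_starttls(lines):
    """The attacker's rewrite: drop every STARTTLS line, then re-terminate
    the reply so the last line still uses "250 " and the client parses
    it as a complete, ordinary EHLO response."""
    kept = [l for l in lines if l[4:].upper().split()[:1] != ["STARTTLS"]]
    body = [l[4:] for l in kept]
    return ["250-" + b for b in body[:-1]] + ["250 " + body[-1]]


def relay_decision(ehlo_lines, policy):
    """What the client does after EHLO.
    'opportunistic': TLS if offered, otherwise continue in cleartext.
    'mandatory':     TLS if offered, otherwise give up.
    (Policy names are this example's own, not smtpd.conf syntax.)"""
    caps = parse_ehlo(ehlo_lines)
    if "STARTTLS" in caps:
        return "STARTTLS"
    if policy == "opportunistic":
        return "PLAINTEXT"
    if policy == "mandatory":
        return "ABORT"
    raise ValueError("unknown policy %r" % policy)


def simulate(policy, attacker_on_path):
    """Run one exchange; return (transcript lines, outcome)."""
    transcript = ["C: EHLO relay.example.net"]
    reply = mitm_strip_starttls(SERVER_EHLO) if attacker_on_path else SERVER_EHLO
    transcript += ["S: " + l for l in reply]
    outcome = relay_decision(reply, policy)
    if outcome == "STARTTLS":
        transcript.append("C: STARTTLS")
    elif outcome == "PLAINTEXT":
        transcript.append("C: MAIL FROM:<alice@example.net>   (cleartext)")
    else:
        transcript.append("C: QUIT   (TLS required but not offered)")
    return transcript, outcome


if __name__ == "__main__":
    for policy in ("opportunistic", "mandatory"):
        for attacker in (False, True):
            lines, outcome = simulate(policy, attacker)
            print("== policy=%s attacker_on_path=%s -> %s" % (policy, attacker, outcome))
            print("\n".join(lines))
            print()
```

Run it and the four transcripts show the point made in the quoted reply: with STARTTLS stripped, the opportunistic client proceeds in cleartext exactly as it would have against a server that never offered STARTTLS, while the client that mandates TLS stops at QUIT. In OpenSMTPD terms the second behaviour is what the "tls" parameter on the relay rule selects, per the reply above.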
