On Wed, 08 Apr 2015 12:16:49 -0700, Kevin Chadwick <[email protected]>
wrote:
> http://marc.info/?l=openbsd-misc&m=142842356024311&w=2
> When I looked at the actual traffic it appeared that it gets one step
> further and the connection actually stops at OpenSMTPD sending a client
> hello via STARTTLS with no further response from the other side.
> If someone can say it happens to them too but not to any/many other
> hosts then I'd be glad to chalk it down to a bad implementation on their
> side? I haven't found any others like this yet.

Do you have a test email address we can try sending something to which
uses that server?
Starttls.info gives it a crappy score BTW
https://starttls.info/check/mx5.demon.co.uk
Results for: mx5.demon.co.uk
Mail server: mx5.demon.co.uk
Result: Grade E (31.6%)
Certificate
The certificate is not valid for the server's hostname.
There are validity issues for the certificate. Certificates are seldom
verified for SMTP servers, so this doesn't mean that STARTTLS won't be
used.
Generally speaking it's a bad practice not to have a valid certificate,
and an even worse practice not to verify them. Any attempted encrypted
communication is left all but wide open to Man-in-the-Middle attacks.
Protocol
Supports SSLV2.
Supports SSLV3.
Supports TLSV1.
Key exchange
Anonymous Diffie-Hellman is accepted. This is susceptible to
Man-in-the-Middle attacks.
Key size is 2048 bits; that's good.
Cipher
Weakest accepted cipher: 0.
Strongest accepted cipher: 256.