On 4/10/2014 7:57 PM, postfix-us...@tja-server.de wrote:
Wietse Venema wrote:
OpenSSL versions prior to 1.0.1 don't
have the heartbeat feature and have never been affected by this bug.
ii openssl 0.9.8o-4squeeze14
Secure Socket
On Wed, Apr 09, 2014 at 11:01:05PM +, Viktor Dukhovni wrote:
I'd like to 'hear' Wietse's and Victor's opinion on how could
this nasty bug affect a TLS service like submission?
In pretty much the same way that it applies to web services.
Note that the leak can also take place from a
Quoting Viktor Dukhovni postfix-us...@dukhovni.org:
On Wed, Apr 09, 2014 at 05:54:33PM -0400, Victoriano Giralt wrote:
I'd like to 'hear' Wietse's and Victor's opinion on how could
this nasty bug affect a TLS service like submission?
In pretty much the same way that it applies to web
On 10 Apr 2014, at 08:14, lst_ho...@kwsoft.de wrote:
I still wonder why OpenSSL does not use the memory wipe before free, is it a
performance killer or a feature?
I imagine the OpenSSL developers didn't think this was necessary when they
first started on the code 10-15 years ago and that
The Heartbleed bug allows a remote attacker to read chunks of memory
from a vulnerable TLS CLIENT PROCESS (e.g., smtp(8)) or TLS SERVER
PROCESS (e.g., smtpd(8)). OpenSSL versions prior to 1.0.1 don't
have the heartbeat feature and have never been affected by this bug.
You can use forward secrecy
Wietse Venema wrote:
OpenSSL versions prior to 1.0.1 don't
have the heartbeat feature and have never been affected by this bug.
ii openssl
0.9.8o-4squeeze14 Secure Socket
Layer (SSL) binary and related
I'd like to 'hear' Wietse's and Victor's opinion on how could this nasty bug
affect a TLS service like submission?
I suppose that the answer would very well be that it depends on the
availability of exploits, but ...
Thanks for your time and
On 09.04.2014 23:54, Victoriano Giralt wrote:
I'd like to 'hear' Wietse's and Victor's opinion on how could this nasty bug
affect a TLS service like submission?
I suppose that the answer would very well be that it depends on the
availability of exploits, but ...
in doubt *any* service
On Wed, Apr 09, 2014 at 05:54:33PM -0400, Victoriano Giralt wrote:
I'd like to 'hear' Wietse's and Victor's opinion on how could
this nasty bug affect a TLS service like submission?
In pretty much the same way that it applies to web services.
* SSL/TLS Private keys may be compromised.
*
On Wed, Apr 9, 2014 at 7:01 PM, Viktor Dukhovni
postfix-us...@dukhovni.org wrote:
- Upgrade to 1.0.1g ASAP if running 1.0.1--1.0.1f, and/or re-compile
OpenSSL with -DOPENSSL_NO_HEARTBEATS
- Replace server TLS private keys and certificates.
- Consider asking users to change SASL
Thanks! Victor
Very much appreciated.
--
Victoriano Giralt
Sent from mobile
On Wed, Apr 09, 2014 at 07:05:50PM -0400, Ian Evans wrote:
Thanks for this. Since many touch their email servers far less than their
postfix configs, is there a list of files we absolutely have to check for
SSL issues?
Apply the absolutely most recent patch level of whichever OpenSSL
library
On Wed, Apr 9, 2014 at 7:26 PM, Viktor Dukhovni
postfix-us...@dukhovni.org wrote:
On Wed, Apr 09, 2014 at 07:05:50PM -0400, Ian Evans wrote:
Thanks for this. Since many touch their email servers far less than their
postfix configs, is there a list of files we absolutely have to check for
13 matches