> On 16.10.2014 at 19:58, Jeremy Harris wrote:
> >> Seems to me I've to use 'gnutls_require_protocols', but I've not found
> >> documentation about it...
> > tls_require_ciphers = NORMAL:-VERS-SSL3.0
> >
> > However, be aware you may no longer talk TLS at all to some
> > sites thus *increasing* your data's exposure.
>
> But with the magnitude of a vulnerability, you can get rid of the SSL
> overhead and talk in cleartext and get some beneficial speed out of it ;)
Barring an exciting new exploit that takes this SSLv3 issue in a
completely different direction, I don't think that TLS protected email
is particularly vulnerable to POODLE. The attack itself recovers some
of the plaintext and to do this it requires a significant number of
connections, that the attacker can actively intercept and interfere
with network traffic, and that they can precisely control and alter the
content and alignment of encrypted plaintext elements.
Today, most attackers who can actively interfere with SMTP traffic can
force a downgrade to plaintext (non-TLS) SMTP transmission, allowing them
to recover *all* of the plaintext in one operation. A number of mailers
will helpfully do this downgrade themselves if the TLS connection is
repeatedly broken to a particular destination (as would happen during
an attempt to exploit this issue). Nor are mail or SMTP conversations
as amenable to content alteration and control as HTTP requests are,
and for that matter it is very hard to get a third party to generate
a few thousand of them for you on command (with very precise content
control) and try them exactly once when you know about it without
anything noticing. HTTP is an unusual special case here.
(This is not to say that you should leave SSLv3 on. I'd turn it off
for various reasons, including that it's ancient.)
- cks
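The downgrade pattern described above (a mailer repeatedly failing TLS to one destination and then falling back to cleartext) is something a mail admin can watch for. The following is an added example, not part of the original thread or of any MTA's code; the record format and hostnames are constructed for illustration and are not Exim's real log format.

```python
"""Flag per-destination STARTTLS-to-cleartext fallbacks in delivery records.

Constructed example: models the downgrade the thread describes, i.e. several
broken TLS attempts to one destination followed by a plaintext delivery.
The (host, outcome) record format is invented here for the demonstration.
"""
from collections import defaultdict

# Constructed sample records: (destination host, outcome)
#   "tls_ok"   delivered over TLS
#   "tls_fail" TLS handshake was broken or aborted
#   "plain"    delivered without TLS
SAMPLE_RECORDS = [
    ("mx.example.net", "tls_ok"),
    ("mx.example.org", "tls_fail"),
    ("mx.example.org", "tls_fail"),
    ("mx.example.org", "tls_fail"),
    ("mx.example.org", "plain"),     # fallback after repeated breakage
    ("mx.example.com", "plain"),     # never tried TLS: not a downgrade
    ("mx.example.net", "tls_ok"),
]


def find_downgrades(records, fail_threshold=2):
    """Return {host: n_failures} for every host delivered to in cleartext
    right after at least `fail_threshold` consecutive TLS failures.

    A host that never attempted TLS is not reported: it was never
    upgraded, so it cannot have been downgraded. A successful TLS
    delivery resets the failure streak for that host."""
    consecutive_fails = defaultdict(int)
    flagged = {}
    for host, outcome in records:
        if outcome == "tls_fail":
            consecutive_fails[host] += 1
        elif outcome == "plain":
            if consecutive_fails[host] >= fail_threshold:
                flagged[host] = consecutive_fails[host]
            consecutive_fails[host] = 0
        else:  # "tls_ok"
            consecutive_fails[host] = 0
    return flagged


if __name__ == "__main__":
    for host, fails in find_downgrades(SAMPLE_RECORDS).items():
        print(f"{host}: cleartext delivery after {fails} TLS failures")
```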