How to prevent SSLv3/Poodle attack?
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Wed Oct 15 12:03:50 EDT 2014
Zitat von Geoff Winkless <cyrus at geoff.dj>:
> Genuine question: is it shown that POODLE impacts on IMAPS?
>
> I don't see how POODLE could affect an IMAPS session, since it only works
> if you can MITM a non-SSL session on the user's browser and force it to
> request the same target page over and over.
>
> Cheers
>
> Geoff
As said i'm still reading on the details, so thanks for the pointer.
Nonetheless it might be time to give up on SSLv3 because of protocol
design errors/weakness. Unfortunately it looks like Cyrus can not
disable SSLv3 protocol without disabling ciphers also used in TLSv1.x,
no?
Regards
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5931 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20141015/e591044e/attachment.bin
More information about the Info-cyrus
mailing list