[Samba] SSL Renegotiation Attack "Disabling renegotiation"

L.P.H. van Belle belle at bazuin.nl
Tue Aug 18 08:35:52 UTC 2015


Hi,

As far as I know, no.

Unless you are forcing all clients to use SSLv2 only (since that doesn't support renegotiation).
Are you sure you want to disable it and not just prevent old clients from
using the vulnerable renegotiation methods? If it's the latter,
you'll need to upgrade to 2.8+ to get access to tls_disable_workarounds.

You have 2 problems.
- One is the vulnerable methods.
- The other is that renegotiation is considered a denial-of-service vulnerability.


You really don't have any option to upgrade.
What's the OS you're running?

Greetz, 
Louis


>-----Original message-----
>From: abid.hussain25 at gmail.com
>[mailto:owner-postfix-users at postfix.org] On behalf of Abid Hussain
>Sent: Tuesday 18 August 2015 10:29
>To: postfix-users at postfix.org
>Subject: SSL Renegotiation Attack "Disabling renegotiation"
>
>Dear All,
>
>I am using Postfix 2.6 and currently cannot upgrade it. Kindly
>advise how renegotiation can be disabled completely. Probably a command in
>the configuration file.
>
>
>Regards,
>Abid
>
>
>
>--
>View this message in context:
>http://postfix.1071664.n5.nabble.com/SSL-Renegotiation-Attack-Disabling-reneotiation-tp78708.html
>Sent from the Postfix Users mailing list archive at Nabble.com.
>
>
