Security Basics mailing list archives
Re: Opportunistic TLS on mail servers
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Wed, 18 Mar 2009 03:25:37 -0430
On Miércoles 11 Marzo 2009 23:20:50 steve.dake () gmail com escribió:
I am curious as to how may people have their email servers configured to perform opportunistic TLS? It seems like a cheap way to mitigate a good portion of your potential email information leakage. If you are against it, I would like to know why. If you have used it for a while, have you had any issues?
Heh, opportunistic encryption are just that.. oportunistic. our client can be configured to use it, but... have some weakness if you dont force to use it... because: What if a man in the middle attack on a untrusted network disable or downgrade the encryption? Check for RFC 2487 to understand it:
5. The STARTTLS Command The format for the STARTTLS command is: STARTTLS with no parameters. After the client gives the STARTTLS command, the server responds with one of the following reply codes: 220 Ready to start TLS 501 Syntax error (no parameters allowed) 454 TLS not available due to temporary reason
Steps: - You start a smtp connection - a mitm attack forwarding tcp is started - a mitm act as a proxy and start connection to real server - you send a STARTTLS command - a mitm replace your STARTTLS with nothing - a mitm inject on your connection side: 454 TLS not available due to temporary reason - if your email-client doesnot mandatory enforce TLS, you will procced without TLS. - Everything from this point are unencrypted redirected and logged by the mitm host.
Just interested in what everyone has to say about the topic. Article: http://securityn00dle.blogspot.com/
Real cryptography applications involves: - Certificates: you have supposed to exchange the certs by a trusted secured way, BOTH SIDES. - Certificate integrity: generation and private keys are supposed to be well protected. BOTH SIDES. - Enforced mandatory crypto: both sides, client and server side. (SSL SMTP on 465 are good) - Good cypher algorithm support: SSLv3 are required, check for the best combination of cypher algorithms (blowfish, aes, serpent, CBC, hashing, etc...) and disable others weak supported algorithms (like 56-bit des)... To increase usability (paying it on security), you can forget the client certificates. ----------------------------- The server certificate and user training are mandatory... If you dummy accept any cert, a mitm attack could be possible and encryption are not quite useful. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized certs available, online computer forensics training available. http://www.infosecinstitute.com/courses/computer_forensics_training.html ------------------------------------------------------------------------
Current thread:
- Opportunistic TLS on mail servers steve . dake (Mar 13)
- Re: Opportunistic TLS on mail servers Eray Aslan (Mar 16)
- Re: Opportunistic TLS on mail servers Gustavo Castro (Mar 16)
- Re: Opportunistic TLS on mail servers Aarón Mizrachi (Mar 19)
- Message not available
- Re: Opportunistic TLS on mail servers Aarón Mizrachi (Mar 24)
- Message not available
- <Possible follow-ups>
- Re: Opportunistic TLS on mail servers Andre Pawlowski (Mar 17)
- Re: Opportunistic TLS on mail servers ad33lh (Mar 24)